• XSS.stack #1 – первый литературный журнал от юзеров форума

How to create a PHP Scam Page for phishing

Отслеживать
тихий спамер

тихий спамер

CD-диск
Пользователь
Регистрация
07.02.2024
Сообщения
14
Реакции
2
Hello everyone !

Im new at spams but im spending all my days to learn how to do spams, I already learned:
1. how to setup cpanel to host a php scam page,
2. I got a not flagged domain, btw I want to spam CC site , to get fresh CC's from my country,
3. I got private leads that I paid 200$ for 50k with name, address, email, phone number and more.
4. I got a friend that will send the spams, so I dont need to worry about learning how to spam, I prefer learn it my self later

So now I need to learn about scam pages, I dont know how I can make one and make it not go flagged. Or even how to clone one.
I know that you probably thinking is one more dummy guys that want to get all fast and doing nothing, im not like that. Any help is appreciated because I will use it to learn
Because I'm ready to spend my time to learn about this Phishing/Spams topic. So basically I want to spam a site where the people will put their cc infos and I will receive.
It's like a netflix/paypal scam page, but I want to make from other website, and I dont know how I can start making it, so if you understand how it works and want to help
me in this process, you can give me some help by replying this on this thread or starting a private conversationg with me in the xss forum .

Thanks for everyone <3
 
depending how complex the phishing kit is, the php is usually very minimal. only for catching the post data and logging it to a db or emailing the results, like most simple kits do.

the rest of the kit is html, css and js to copy the site you're trying to phish, only with the html form being changed to send all data results to the php.

more complex phishing kits like uadmin are different because they collect the entire request_uri and parse it for the data, check visiting headers, hide the phishing pages by using timed sessions for targeted spamming, allow configs for easy phishing templates to swap out and much more. the simplest phishing kits tend to just collect all data sent via get/post then log it, with the rest of the kit just being the design and form.

go download a few simple phishing kits and look at their code, they're extremely simple to build. i would recommend you migrate toward phishing via reverse proxy as once you master that route, you can achieve everything normal phishing kits can do and more (such as also collecting session cookies, injecting javascript into pages, bypassing 2fa, etc)
 
Последнее редактирование:
vei сказал(а):
depending how complex the phishing kit is, the php is usually very minimal. only for catching the post data and logging it to a db or emailing the results, like most simple kits do.

the rest of the kit is html, css and js to copy the site you're trying to phish, only with the html form being changed to send all data results to the php.

more complex phishing kits like uadmin are different because they collect the entire request_uri and parse it for the data, check visiting headers, hide the phishing pages by using timed sessions for targeted spamming, allow configs for easy phishing templates to swap out and much more. the simplest phishing kits tend to just collect all data sent via get/post then log it, with the rest of the kit just being the design and form.

go download a few simple phishing kits and look at their code, they're extremely simple to build. i would recommend you migrate toward phishing via reverse proxy as once you master that route, you can achieve everything normal phishing kits can do and more (such as also collecting session cookies, injecting javascript into pages, bypassing 2fa, etc)
First of all, appreciate the help, Im tryna build a bank phishing website where just need 2 things, the login and the password, then dont need more things, but before start the spamming what I need to protect the phishing site, like antibots, cloudflare and more what?

Thanks.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
to do not get flagged you need to obfuscate the html,js code this is the code that flagged the bots,crawlers cannot read the php code but can read both html and js also css one more thing for an example if you want to make scam page for paypal dont go and copy past paypal page other wise code your own one and make it very similar to target page also dont use cpanels use VPS and dont use public hosting because they maybe will check the content to new sites
hope this help
 
тихий спамер сказал(а):
First of all, appreciate the help, Im tryna build a bank phishing website where just need 2 things, the login and the password, then dont need more things, but before start the spamming what I need to protect the phishing site, like antibots, cloudflare and more what?

Thanks.
there is many defenses for protecting a phishing page, it depends how you're spamming the domain and how much time you're willing to spend trying to keep it not red. the domain will be caught one day, there is no stopping that.

most simple kits just block a hard coded list of ips, which could be crawlers and bots. this doesn't work well, especially alone. you can parse headers to verify unique visitors, you can spam unique session urls that only live for an hour, so that only your target leads view the phishing page and all other visitors do not. you can hide behind cloudflare to monitor traffic, or disable phishing panel for a real looking website when not in use. there are many different things you can do, it all takes creativity if you think about what best way you can protect it.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
vei сказал(а):
depending how complex the phishing kit is, the php is usually very minimal. only for catching the post data and logging it to a db or emailing the results, like most simple kits do.

the rest of the kit is html, css and js to copy the site you're trying to phish, only with the html form being changed to send all data results to the php.

more complex phishing kits like uadmin are different because they collect the entire request_uri and parse it for the data, check visiting headers, hide the phishing pages by using timed sessions for targeted spamming, allow configs for easy phishing templates to swap out and much more. the simplest phishing kits tend to just collect all data sent via get/post then log it, with the rest of the kit just being the design and form.

go download a few simple phishing kits and look at their code, they're extremely simple to build. i would recommend you migrate toward phishing via reverse proxy as once you master that route, you can achieve everything normal phishing kits can do and more (such as also collecting session cookies, injecting javascript into pages, bypassing 2fa, etc)
exactly.
PHP should be a template which is the core for ALL phishing pages, and it will log to the same or different dbs depending on your setup.
Take his advice and then use gpt to generate the landing page html code and just use something like bootstrap for css styling.
 
If protecting your page is your main focus you will need to write an antibot system i prefer overhead ones meaning the antibot won't be present on the page and i mostly don't make pages with php unless you don't want it to be portable you can make portable pages with js and derive the htmlcss and other js code functionality from your server after you've validated the session using the overhead antibot system you can write an antibot system with php or c++, i use c++ for my overhead servers both the code server and antibot server make it totally impossible for crawlers to derive code from page source because source isn't available on the frontend server none of my pages i make has ever gone red or blocked due to this functionality there're other ways as well as deploying the antibot system on the main controlled host server for any conneciton on main ports 80 and 443 to be parsed to your c++ server to validate entry before proceeding to forward request and i wouldn't recommend you use a cpanel even though you're beginning controlling your frontend to backend is better if you want a stable project with privately kept data.
 
Последнее редактирование:
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх