Friday, March 17, 2017

Phishing

What Is Phishing?

Fraudsters send fake emails or set up fake web sites that mimic Yahoo!'s sign-in pages (or the sign-in pages of other trusted companies, such as eBay or PayPal) to trick you into disclosing your user name and password. This practice is sometimes referred to as "phishing" — a play on the word "fishing" — because the fraudster is fishing for your private account information. Typically, fraudsters try to trick you into providing your user name and password so that they can gain access to an online account. Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.
I also created a Facebook phishing page.
When we go to the phishing site, we see a fake Facebook page that looks like the original one. Without looking at the URL, we can't tell whether it is the original or a fake, and most of the time non-technical people can't tell either. When they see the page, they enter their credentials and click the login button. In the background, clicking the login button sends the form to "login.php", and the instructions in the "login.php" file are then executed.
Step 1:
First of all you should download the entire web page to your machine.



Then rename the web page as "index.html".

Step 2:
Then open the web page in Notepad and find the keyword "action".
Press Ctrl+H to search for the keyword.
Then change the link to "login.php".




Index.html File

Step 3:
Then create a login.php file with the code given below.
You can also download the source code from my github.
https://github.com/thusith94/phishingFb
login.php File



Step 4:
Then you can host this web page for free on any free hosting website.
You should upload both the index.html and login.php files.



Phishing Page 



Then, if someone enters their credentials into this form, it redirects them to the original Facebook login page, so non-technical people can't tell what happened. They might think the connection was lost or something like that, so they will log in again using the original Facebook page.





Finally we can see the credentials of the user in a file called "myfile".

Study Purpose Only.
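
A defender-side check for the clone described above, as an added example that is not part of the original post: it finds password forms in a page and flags any whose action, resolved against the page URL, lands outside Facebook's domain. The hostnames, the sample HTML and the `/login` path are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: domains allowed to receive a genuine Facebook sign-in.
LEGIT_DOMAINS = ("facebook.com",)

class PasswordFormFinder(HTMLParser):
    """Collect the action attribute of every <form> holding a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self._action = None        # action of the form currently open, if any
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
            self._has_password = False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self._has_password = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.actions.append(self._action)
            self._action = None

def is_legit_host(host):
    """True only for an allowed domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def suspicious_targets(page_url, html):
    """Return the resolved form targets that would send a password off-domain."""
    finder = PasswordFormFinder()
    finder.feed(html)
    # urljoin resolves a relative action such as "login.php" against the page URL
    targets = [urljoin(page_url, action) for action in finder.actions]
    return [t for t in targets if not is_legit_host(urlsplit(t).hostname)]

# Constructed sample pages (not real captures).
FORM = '<form action="{}" method="post"><input name="email"><input type="password" name="pass"></form>'
CLONE_URL = "http://fb-login.example.test/index.html"
CLONE_HTML = FORM.format("login.php")
REAL_URL = "https://www.facebook.com/"
REAL_HTML = FORM.format("/login")   # placeholder path, constructed

if __name__ == "__main__":
    print(suspicious_targets(CLONE_URL, CLONE_HTML))
    print(suspicious_targets(REAL_URL, REAL_HTML))
```

The suffix match requires a leading dot, so a lookalike host such as `facebook.com.example.test` is still treated as off-domain.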







Thursday, March 2, 2017

SHA-1 Broken


Today, Google made major waves in the cryptography world, announcing a public collision in the SHA-1 algorithm. It’s a deathblow to what was once one of the most popular algorithms in cryptography, and a crisis for anyone still using the function. The good news is, almost no one is still using SHA-1, so you don’t need to rush out and install any patches. But today’s announcement is still a major power play from Google, with real implications for web security overall.
Like most cryptography, it can get a little complicated, so it’s probably best to start from the very beginning...

WHAT JUST HAPPENED?

Google publicly broke one of the major algorithms in web encryption, called SHA-1. The company’s researchers showed that with enough computing power — roughly 110 years of computing from a single GPU for just one of the phases — you can produce a collision, effectively breaking the algorithm. We’ve known this was possible for a while, but nobody has done it, in part because of the possible fallout.




In accordance with its disclosure policy, Google is waiting 90 days to say exactly how they did it — but once the proof-of-concept is out, anyone with enough computing power will be able to produce a SHA-1 collision, rendering the algorithm both insecure and obsolete.
It’s hard to say if Google’s researchers are the first people to do this (<cough> NSA <cough>), but they’re the first ones to talk about it, which has major implications for anyone still using SHA-1.

WHAT DOES SHA-1 ACTUALLY DO?

SHA-1 is a hashing function, which produces a digital fingerprint from a given file. That lets you verify a file’s integrity without exposing the entire file, simply by checking the hash. If the hash function is working properly, each file will produce a unique hash — so if the hashes match, the files themselves will also match. That’s particularly important for login systems, which need to verify that a password is correct without exposing the password itself.