How To Create Facebook Phishing Android Application (No Coding Needed)

 Twitt

In this tutorial i'm going to explain how to make an android application with facebook phishing method, so you can get the username and password of each person who login to facebook using this app. 

Note: This post is updated with new undetectable phishing files

This app is actually looks like real facebook app with real facebook icon so victim can't find out whether it's a fake facebook application or not.

Sending fake page's url to victim is not possible now a days ,that method is easily detectable in firefox and google chrome browsers that's why i'm tested this new method to phishing facebook and it works good.

Read my previous tutorial to create latest undetectable facebook phishing page: Create Undetectable Facebook Phishing Site - Advanced

Let's start,

steps

1. Make a phishing facebook login page as android browser and host to web
2. Make an android application using online app creator 

Step 1: Make a phishing facebook login page as android browser and host to web (Undetectable)

First you need to download 'facebookmobile-app.zip' attachment file - Click here to download or Alternate download

It contains 5 phishing page files including a folder.

• data.php
• follow.jpg
• index.php
• login.jpg
• users.txt

Features:

>> It is undetectable ,so the page will not be suspended by any free web hosting site.

>> Customized facebook phishing page files for mobile browser
 (It will automatically redirect to real facebook page with notification of  'Your password was incorrect' while log in from fake phishing page so victim will think he entered wrong password and he won't have any doubt about is it fake or real?). 

Now you have to upload the ZIP file (facebookmobile-app.zip) to web hosting site and get the phishing page's url.

I prefer 000.webhost.com.

Go to: https://members.000webhost.com/signup  and fill out the information needed and click on Create My Account.

Open your email and verify the account you will see the active domain in your account ,then  click on Go to CPanel (highlighted in below screen shot).

Now open the first file manager icon under File managers section.

Go to “public_html” folder and delete the 2 files inside it. then click on “upload“.

Below “Archives” section click on “Choose file“.

Select the zip file Which you have created above (In our case it is 'facebookmobile-app.zip').

Click on the “green tick“.

Done!!!, 

Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access "login.jpg" file they will get an invalid/corrupted image.

Important

Now Access your URL with this id at end (/?id=facebookmobile)

Example: "www.yourdomain.sub.com/?id=facebookmobile/"

Congrats! Now you have your Phishing page URL same as above (note the Url we need it in next step).

Step 2: Make an android application using online app creator

Go to www.appsgeyser.com, Click on CREATE NOW Button.

Click the option website

Paste the phishing page's url in the field (that you created in step1)

Example: "www.yourdomain.sub.com/?id=facebookmobile/"

Fill the field App name: Facebook or something related with facebook, click next

Description: give description about app, click next

Icon: custom icon > upload file - choose file 'FacebookICON.png' (Click here to download FacebookICON.png) - submit

Click Next

Click Create app

You are done,

Download app to your computer then install it on your android device.

How to see stored email and pass?

When victim enter the email and and password in this app it will be stored in our 'users.txt' file inside 000webhost > your domain > file manager > public_html, to see that click the view button next to users.txt file.

Inside users.txt file you can see the victim's email and password (highlighted part in below screen shot).

If you have any doubt in this tutorial just type down a comment here.