Sunday 18 January 2015

How To Create Facebook Phishing Android Application (No Coding Needed)

facebook phishing android app_picateshackz,com

In this tutorial i'm going to explain how to make an android application with facebook phishing method, so you can get the username and password of each person who login to facebook using this app. 

Note: This post is updated with new undetectable phishing files

This app is actually looks like real facebook app with real facebook icon so victim can't find out whether it's a fake facebook application or not.

Sending fake page's url to victim is not possible now a days ,that method is easily detectable in firefox and google chrome browsers that's why i'm tested this new method to phishing facebook amd it works good.

Read my previous tutorial to create latest undetectable facebook phishing page: 
Create Undetectable Facebook Phishing Site - Advanced

If you want to know more about phishing attacks then you should read this article from our sister website: 
What Is Phishing Scams Or Attacks And How to Prevent It

Let's start,


1. Make a phishing facebook login page as android browser and host to web
2. Make an android application using online app creator 

step 1: Make a phishing facebook login page as android browser and host to web (Undetectable)

First you need to download 'facebookmobile(2).zip' attachment file - Click here to download or Alternate download

It contains 6 phishing page files including a folder.

  • login_files (folder)
  • data.php
  • follow.jpg
  • index.php
  • login.jpg
  • users.txt



>> It is undetectable ,so the page will not be suspended by any free web hosting site.

>> Customized facebook phishing page files for mobile browser
 (It will automatically redirect to real facebook page with notification of  'Your password was incorrect' while log in from fake phishing page so victim will think he entered wrong password and he won't have any doubt about is it fake or real?). 

Now you have to upload the ZIP file (facebookmobile(2).zip) to web hosting site and get the phishing page's url.

I prefer

Go to:  and fill out the information needed and click on Create My Account.


Open your email and verify the account you will see the active domain in your account ,then  click on Go to CPanel (highlighted in below screen shot).


Now open the first file manager icon under File managers section.


Go to “public_html” folder and delete the 2 files inside it. then click on “upload.


Below “Archives” section click on “Choose file“.
Select the zip file Which you have created above (In our case it is 'facebookmobile(2).zip').
Click on the “green tick“.


Done!!!, Now what will happen,when your hosting privder will test your content they will get a innocent php file reading another file.and when they try will to access "login.jpg" file they will get an invalid/corrupted image.

Now Access your URL with this id at end (/?id=facebookmobile)
Example: ""

Congrats! Now you have your Phishing page URL same as above (note the Url we need it in next step).

Dreamhost banner

Step 2: Make an android application using online app creator
Go to

Click on CREATE NOW Button

Click the option website

Paste the phishing page's url in the field (that you created in step1)
Example: ""

Fill the field App name: Facebook or something related with facebook, click next

Description: give description about app, click next

Icon: custom icon > upload file - choose file 'FacebookICON.png' (Click here to download FacebookICON.png) - submit

Click Next

Click Create app

You are done,
Download app to your computer after install it on your android device.

When victim enter the email and and password in this app it will be stored in our 'users.txt' file inside 000webhost > file manager > public_html, to see that click the view button next to users.txt file.


Inside users.txt file you can see the victim's email and password (highlighted part in below screen shot).


If you have any doubt in this tutorial just comment here.

No comments:

Post a Comment