Instructables

Steal Passwords from Classmates with Proxy

Steal Passwords from Classmates with Proxy
In this tutorial, I'll show you how to set up a secure php based proxy (PHProxy) that will detect if somebody is using it to visit a website, and steal his or her password when they log in to that site (emails it to your inbox, so set up a seperate email account). A proxy is also great when your school blocks some websites, and earn the respect of your fellow peers, until they realize you have their passwords.

You will need FULL access to a php enabled web server (controls to password protect directory, and FTP), find a free host or find a friend who has his/her own website.

HTML coding knowledge is required (it's really simple stuff)
PHP coding is needed but I will give you the code to copy in and the code will tell you what you need to change in it to suit you.

I don't know how to write a good disclaimer, but I am not responsible for any of your actions and their consequences. And people will kill you if they find out. Also don't dare to try this on a bank website or paypal.
 
Remove these adsRemove these ads by Signing Up
 

Step 1Initial Folder Setup

Initial Folder Setup
I will assume you have experience with basic websites

Get FTP access to the server, use a FTP client to log in

Create a folder for the entry page, this should have a easy to remember url address

Create a sub folder for the proxy, use http://tools.dynamicdrive.com/password/ to create a password for the directory, this may or may not stop your school from blocking the proxy.

Create a entry page in the entry folder and put a link to the proxy, and include the username and password on it so people can access the proxy, DO NOT EVEN HINT ON THE PAGE THAT IT IS A PROXY, or your school may block it automatically
« Previous StepDownload PDFView All StepsNext Step »
91 comments
1-40 of 91next »
1
Jun 1, 2007. 4:08 PMbenstern says:
GOD DAMN FRANK!!!!!!!! why do you have to ruin a good thing? we kept it secret on our server and now you have to tell the world!!!!!!!
11
Jun 1, 2007. 9:42 PMfrank26080115 (author) says:
shut up... :-P
1
Jan 12, 2011. 9:48 PMhintss says:
lol. at least you didn't tell what the server was...
Aug 15, 2007. 12:58 AMEmpire says:
I have done the same exact thing with a authentication for access but i also added frames and useful tabs like directs links to myspace and facebook but instead of recoding the phpproxy script. i just set up a laptop on my network and loaded backtrack and sniff all good packets like passwords etc. it was wierd how i thought up of the idea but it works. hopefully i can test your method too
1
Jan 12, 2011. 9:43 PMhintss says:
yes, but when you don't bring your laptop, or the site is like facebook and uses https...
May 22, 2007. 10:22 PMkruschiv says:
can u elaborate on this cuz i dont seem to get it to work
11
May 22, 2007. 11:57 PMfrank26080115 (author) says:
If anybody wants and trusts me, you can give me temporary full administrative access to the server and I can quickly set it up provided I get a copy of stolen passwords too
4
Dec 11, 2007. 8:21 AMsnoyes says:
So, you post instructions for stealing passwords, and then ask if people trust you. Nice.
11
Dec 11, 2007. 1:13 PMfrank26080115 (author) says:
I'd think writing about this stuff shows that I have less to hide... I could have written "how to bypass school filters" and simply linked to my own proxy, but I didn't. I find your lack of faith disturbing. :-P
1
Jan 12, 2011. 8:57 PMhintss says:
thats a great idea!!
5
Feb 4, 2008. 12:13 PMbleachworthy says:
pwnt.
Feb 9, 2008. 7:32 PMfishyfish777 says:
Ahaha, yeah, pwnt. Wait... My friend has a Paypal account... Gmail account... Myspace account... and a Ebay account. I can just convince him by telling him he can get to youtube at school... (AHAHAHAHAHAHA I AM THE ROOLER OF TEH SCHOOL) I know I spelled ruler wrong... Just exaggerating haha :)
Aug 15, 2008. 11:37 PMhazzadobo says:
yes and I'm sure you have real friends too, seeing as you a filthy backstabber... get a life...
Jul 11, 2008. 7:04 PMgirrrrrrr2 says:
no what you do is put a "bessy" on his home computer and than take away his admin access... so then he has to use your proxy service to access those sites. that would be the best way to do it...
Aug 15, 2007. 4:26 PMcookn says:
hey frank add my msn extremeracer_11athotmaildotcom and i will sort this temporary admin thing out with you thanks
Apr 2, 2008. 5:13 PMfleetnewsservice says:
of course it's legal... so what if i ended up in the school dungeons because of it. It's still perfectly legal... Man these shackles are really annoying. I've got an itch right around my ankle, right under the shackle... lol
Aug 16, 2008. 10:36 PMalexnester says:
you know if you would have placed a disclamer on your page you wouldnt have to spend time in the dungeons lol
1
Dec 10, 2008. 9:52 PMmoecool101 says:
do we copy that part the (the one u mentioned to look for ) or just make sure its there?
1
Feb 19, 2009. 2:23 PMTATcreator says:
Do not download that virus! N-FACTOR is a bot that drops that same comment everywhere! This virus crashes your system, corrupts the system file ntoskrnl.exe (Thus making Windows stop working permanently), and steals your personal information.
1
Jan 12, 2011. 8:56 PMhintss says:
not on linux, it doesn't. *grabs safety goggles, starts laughing evilly*
5
Dec 10, 2010. 2:52 PMM4industries says:
Step 0: Get FTP access. How would I go about doing that?
Sep 25, 2010. 4:10 AMblacklistspy says:
it............................... does' work..................
Sep 25, 2010. 4:02 AMblacklistspy says:
it .........doees'nt work..........


hi there

how does it works..............????


Aug 9, 2010. 9:42 AMmefistoromano says:
hi, I tried your method but does not work, instead I found this which seems to give results: http://tintoblog.blogspot.com/2008/02/rubare-password-msn.html
1
Jan 19, 2010. 1:00 PMooda55 says:
This script dosent work, even after adding a ; after setting the "is it me" variable.
any solutions to the blank page people seem to be getting after submitting data
Jul 18, 2008. 9:03 PMsavagemania says:
I can't get the proxy to work. The download doesn't work. So I googled it but it is all in a different language.
Jul 18, 2008. 10:06 PMsavagemania says:
I found it and installed it however when I add your code it just loads a blank page.
1
Jan 19, 2010. 12:53 PMooda55 says:
Same :(
Aug 30, 2009. 4:35 PMahaloa says:
hey. i was wondering how do i get it to work for myspace. i have tried every combination i could think of but none are working:( if anybody knows how please tell me. also i made a proxy with 000webhost and in my proxy no sites with secure login work. does anyone no how i can fix this?
3
Jun 7, 2007. 11:59 AMlocofocos says:
I just used this to make a plain proxy. Thanks! Part of the goal of my site is to make a virus-free website that won't steal your personal information. Also, does anyone know if it's true that most page blockers server thingies in America don't block .co.uk pages?
Jul 11, 2008. 7:14 PMgirrrrrrr2 says:
cool so that means that i can access instructables.co.uk?
3
Jul 12, 2008. 8:19 AMlocofocos says:
From my best knowledge, domains that end in co.uk are generally european sites (uk= united kingdom i guess). For that reason, most blockers in the US probably aren't gonna block them. And yes, it should mean that you can access instructables.co.uk . I just tried it, and it redirects to the .com site. So, you can probably go to the .co.uk, but it won't let you redirect to the .com site.
Aug 22, 2008. 6:56 AMhazode says:
No, pages that end in .co.uk, ARE JUST FOR UNITED KINGDOM. For France its .fr
7
Aug 24, 2008. 3:26 AMDerin says:
.fr IS JUST FOR FRANCE!For Turkey its .tr
Jun 3, 2009. 9:02 AMhazode says:
.tr IS JUST FOR TURKEY! For canada it's .can
18
Aug 14, 2009. 5:11 PMgeekazoid says:
im guessinng you dont live in canada... .ca
6
Jun 15, 2007. 8:20 PMzachninme says:
We can visit .co.uk, if thats what you're asking :P Also, they can still steal your info if you use a proxy. Actually, they can steal MORE info with a proxy, due to the fact that all your cookies will be for the same site, so they can access each others no problem. (I'm talking about this PHP repeater thing.)
Apr 21, 2008. 10:35 AMbrad_y says:
Does anyone now a hosting server that will not block PHProxy. All the ones I've tried block iT!
10
Jun 27, 2009. 9:09 PMdtoma says:
000webhost.com
Nov 13, 2008. 11:11 AMcassie baby says:
are school computers are so stupid you can never bypass them with anything !!!!!!!!!!
1-40 of 91next »

Pro

Get More Out of Instructables

Already have an Account?

close

All Steps Viewing
View all steps of an Instructable on the same page when you're a Pro Member.

Upgrade to Pro today!
116
Followers
11
Author:frank26080115(Frank's Projects)
I'm an electrical engineering student at the University of Waterloo.