So with help of Google, I managed to write 22 lines of code that sends an email with the username and password that were entered on my fake website. After that, it sends the user that visited the fake website to the real Dropbox site. And if there was still a Dropbox cookie on your computer, you are logged in on Dropbox, so you won’t notice anything.