Social Engineering

Website Credential Harvesting

Utilize SEToolkit to clone a website

Social engineering toolkit credential phishing attacks

Open the SET
    sudo setoolkit

Social Engineering Attacks (1)
Website Attack Vectors (2)
Credential Harvester (3)

CAN utilize HTTPS with https://github.com/trustedsec/social-engineer-toolkit/issues/467

we CAN use vhosts with SET and enforce Let's Encrypt certs for legitimacy

CAN utilize HTTPS with https://github.com/trustedsec/social-engineer-toolkit/issues/467

Ok, register a new domain with freenom

https://ostechnix.com/configure-apache-virtual-hosts-ubuntu-part-1/

configure the vhosts

https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04

grab new lets encrypt certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04

update config at /etc/setoolkit to enable the APACHE server and update the location Ok, when cloning the site with the HTTPS cert enabled in the config, the POST requests in the php file send it over HTTP, which brings an error up in browsers saying that it's insecure. Even though the rest of the site is over HTTPS and has a good cert.

Looking in the index.html file we see that there's no vhost and that it has the action for http

edit lines 497 and 498 which have hardcoded apache dir in harvester.py

ok yep that was def it, create a PR to fix this? update apache2 package name as well??

PreviousBloodhoundNextNetcat & Socat

Last updated