Social Engineering

Website Credential Harvesting

Utilize SEToolkit to clone a website

Social engineering toolkit credential phishing attacks

Open the SET
    sudo setoolkit

Social Engineering Attacks (1)
Website Attack Vectors (2)
Credential Harvester (3)

CAN utilize HTTPS with

We can use vhosts with SET and use Let's Encrypt certs for legitimacy.


OK, register a new domain with Freenom.

Configure the vhosts.

Grab new Let's Encrypt certificates for multiple Apache virtual hosts (Ubuntu 14.04).

Update the config at /etc/setoolkit to enable the APACHE server and update the location.

OK, when cloning the site with the HTTPS cert enabled in the config, the POST requests in the php file are sent over HTTP, which brings up an error in browsers saying that it's insecure, even though the rest of the site is served over HTTPS and has a good cert.

Looking in the index.html file, we see that there's no vhost and that the form action uses http.

Edit lines 497 and 498, which have the Apache dir hardcoded.

OK, yep, that was definitely it. Create a PR to fix this? Update the apache2 package name as well?
