# Social Engineering Website Credential Harvesting Utilize SEToolkit to clone a website ``` Social engineering toolkit credential phishing attacks Open the SET sudo setoolkit Social Engineering Attacks (1) Website Attack Vectors (2) Credential Harvester (3) CAN utilize HTTPS with https://github.com/trustedsec/social-engineer-toolkit/issues/467 ``` we CAN use vhosts with SET and enforce Let's Encrypt certs for legitimacy CAN utilize HTTPS with Ok, register a new domain with freenom configure the vhosts grab new lets encrypt certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04 update config at /etc/setoolkit to enable the APACHE server and update the location Ok, when cloning the site with the HTTPS cert enabled in the config, the POST requests in the php file send it over HTTP, which brings an error up in browsers saying that it's insecure. Even though the rest of the site is over HTTPS and has a good cert. Looking in the index.html file we see that there's no vhost and that it has the action for http edit lines 497 and 498 which have hardcoded apache dir in harvester.py ok yep that was def it, create a PR to fix this? update apache2 package name as well?? --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.m4lwhere.org/offensive/social-engineering.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.