Let’s see what will happen if the victim enters his credentials…Īs we can see from the moment that the victim will submit his credentials into the fake website SET will send us his Email address and his password. If a user reads the email and makes a click to our link (which is our IP address) he will see the Facebook login page. This can be implemented via spoofed emails that will pretend that is coming from Facebook and they will ask the users to log in for some reason. Now it is time to send our internal IP to the users in the form of a website(such as ). Now we need to enter our IP Address where you want to receive all POST back requests.Īnd in the last stage, you need to choose the Web Template, and in this case, we selected Facebook because of its one of the most popular social networking platform. We will use the Credential Harvester Attack Method because we want to obtain the credentials of the users.Īs we can see in the next image SET is giving us 3 options ( Web Templates, Site Cloner and Custom Import).įor this example, we will go with “ Web Templates” option because it has some ready-made Web Templates which we can easily use. Our choice we will be the Website Attack Vectors because as the scenario indicates we need to test how vulnerable are the employees of our client against phishing attacks. To start the SEToolkit, just type “ setoolkit” in your terminal window.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |