Web-based malware
In today's web app-driven world, spreading malware through web-based attacks is quite common. The majority of the exploit kits use web-based attacks to compromise client machines. One particular class of attacks is quite powerful and commonly used by attackers in the wild. These attacks are categorized as browser-based attacks. In this section, we will use SET in Kali to build on the previous attack, which leveraged a mirrored Internet web page to deliver a malicious Java applet to the victim. If the applet is successfully executed on the victim machine, it will spawn a shell running from the client. Here, we are not necessarily exploiting the browser or any other software on the victim machine; rather, we are trying to exploit the human behavior. Let's use this technique and demonstrate an example of this attack.
In this attack, we are using our controlled access point to capture and manipulate the user's traffic. This setup was previously done with either Hostapd or airbase...