Creating a password harvester with SET
Social engineering attacks may be considered as a special kind of client-side attacks. In such attacks, the attacker has to convince the user that the attacker is a trustworthy counterpart and is authorized to receive the information the user has.
SET or the Social-Engineer Toolkit (https://www.trustedsec.com/social-engineer-toolkit/) is a set of tools designed to perform attacks against the human element; attacks, such as Spear-phishing, mass e-mails, SMS, rouge wireless access point, malicious websites, infected media, and so on.
In this recipe, we will use SET to create a password harvester web page and look at how it works and how attackers use it to steal a user's passwords.
How to do it...
In a terminal, write the following command as root:
setoolkit
In the
set>prompt, write1(forSocial-Engineering Attacks) and hit Enter.Now select
Website Attack Vectors(option2).From the following menu, we will use the
Credential Harvester Attack Method(option...
