At the stage of selecting item 3) Credential Harvester Attack Method -> 2) Site Cloner, I select the default ip (pressing enter). Then I enter the desired url (any facebook or twitter). And after that the following is displayed:
[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...
The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.
The Java Applet Attack method will spoof a Java Certificate and deliver a Metasploit-based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.
The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.
The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.
The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if it's too slow/fast.
The Multi-Attack method will add a combination of attacks through the web attack menu. For example, you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.
The HTA Attack method will allow you to clone a site and perform PowerShell injection through HTA files which can be used for Windows-based PowerShell exploitation through the browser.
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) HTA Attack Method
99) Return to Main Menu
And nothing changes. The program does not write that the site is running.
I tried to find the reason and solve the problem. I also read another instruction and followed it. There it was necessary to change the configuration file etc/setoolkit/set.config, change the apache flag from off to on. I also installed apache server on linux. But unfortunately this did not help.
prajwal1015
commented
3 months ago
At the stage of selecting item 3) Credential Harvester Attack Method -> 2) Site Cloner, I select the default ip (pressing enter). Then I enter the desired url (any facebook or twitter). And after that the following is displayed:
And nothing changes. The program does not write that the site is running.
I tried to find the reason and solve the problem. I also read another instruction and followed it. There it was necessary to change the configuration file etc/setoolkit/set.config, change the apache flag from off to on. I also installed apache server on linux. But unfortunately this did not help.