Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SET couldn't create copy of the site by Credential Harvester Attack Method #1061

Open
lightknight77 opened this issue Mar 3, 2024 · 1 comment

Comments

@lightknight77
Copy link

At the stage of selecting item 3) Credential Harvester Attack Method -> 2) Site Cloner, I select the default ip (pressing enter). Then I enter the desired url (any facebook or twitter). And after that the following is displayed:

[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...

The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Java Applet Attack method will spoof a Java Certificate and deliver a Metasploit-based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.

The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if it's too slow/fast.

The Multi-Attack method will add a combination of attacks through the web attack menu. For example, you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.

The HTA Attack method will allow you to clone a site and perform PowerShell injection through HTA files which can be used for Windows-based PowerShell exploitation through the browser.

    1) Java Applet Attack Method
    2) Metasploit Browser Exploit Method
    3) Credential Harvester Attack Method
    4) Tabnabbing Attack Method
    5) Web Jacking Attack Method
    6) Multi-Attack Web Method
    7) HTA Attack Method

   99) Return to Main Menu

And nothing changes. The program does not write that the site is running.

I tried to find the reason and solve the problem. I also read another instruction and followed it. There it was necessary to change the configuration file etc/setoolkit/set.config, change the apache flag from off to on. I also installed apache server on linux. But unfortunately this did not help.

@prajwal1015
Copy link

same error

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants