Hacking the Human Mind: Site Cloning’s Click-Based Psychology Exploits.

Credential Harvesting Using Site Cloning.

Lab Objective: 

Discover the method for obtaining credentials by using a replicated website.

Lab Purpose:

Credential harvesting involves secretly collecting sensitive information from a target, such as passwords or answers to security questions, without their knowledge.

Lab Tool:

Kali Linux

Lab Topology:

For this lab, you can utilize Kali Linux within a virtual machine.

Lab Walk-through:

Task 1:

The first step is to boot your virtual machine and launch Kali Linux. After it is up and running, open a terminal and start the “SET: Social Engineering Toolkit” by typing as the root user:

setoolkit
When “Do you agree to the terms of service [y/n]” message appears, type “Y”.
First, update SET utility to get latest features. Choose option 5

Task 2:

Navigate through the main menu by selecting option 1 for “Social-Engineering Attacks,” followed by option 2 for “Website Attack Vectors.” Next, opt for option 3, the “Credential Harvester Attack Method,” when prompted on the subsequent screen.

Task 3:

In the following menu, select option 2, “Site Cloner,” as we will clone a website to harvest the victim’s credentials for this lab.

Task 4:

SET will prompt you to provide your IP address to facilitate sending POST requests from the cloned website back to your machine. Typically, SET can automatically detect your IP address. If your Kali node has multiple IP addresses, you can identify the desired one by opening a new terminal and running “ifconfig”.

After indicating to SET that you want to clone a website, it will request the URL of the site you intend to clone. You can enter any site of your choice. For this lab, the example site used will be https://www.facebook.com.

Task 5:

After entering the URL, SET will clone the website and show all the POST requests from the site in this terminal. Now, proceed to access the cloned site.

Task 6:

To access the cloned site, launch Firefox on your Kali machine and enter your local IP address into the browser. This will display the cloned Facebook login page. Enter any random username and password into the provided fields, then click on “Log In”.

 

Task 7:

Lastly, return to the terminal where SET is active. Scroll through the output of numerous POST requests sent from the cloned site. Look for the sections labeled “username” and “password”. Here, you will find the username and password you entered on the cloned site displayed in clear text.