To exit the attack click Ctl-C and a report will be generated in an HTML and XML format.Īll you have to do is browse to the folder listed in blue and open the HTML file to see the report. I have highlighted the credentials I entered into the fake Twitter site. All activity on your credential harvesting site will be displayed in real-time on your console. There are a few ways to view captured credentials.įirst, through the console logging. That way they login again, gain access to Twitter and no concerns or red flags are raised. The goal is to fool the target in to think they have entered the wrong credentials or something went wrong on Twitter’s end. Upon hitting “Sign in” the targets credentials will be captured and they will be redirected to the actual Twitter login page. The target would be presented with a seemingly valid login page, in this example Twitter.
![how to use social engineering toolkit in kali linux how to use social engineering toolkit in kali linux](https://static.packt-cdn.com/products/9781788997461/graphics/assets/a4c42417-c224-4786-bd86-26828aab53a9.png)
Since most browsers show non-SSL sites as warning, I would also also utilize an SSL certificate to try to make the page look more authentic. To make it look even more passable I could register a DNS name with Twitter thrown in such as. Its an older style template but other than the IP at the top it could easily pass. Point your browser to the IP you entered (or accepted) when launching the attack in a web browser. For this example I am using option 3 and then press when prompted. If you are behind a firewall or in the cloud use your public IP if the target is external to your firewall. Note: This is the IP that your target would see. You will be prompted to confirm the IP address for where the template will be hosted. SET is scary good at cloning login pages that have a “username” and “password” field on the same page. Note: From here you could also do option 2 to clone an existing login page.
![how to use social engineering toolkit in kali linux how to use social engineering toolkit in kali linux](https://img.wonderhowto.com/img/62/01/63506798419694/0/use-set-social-engineer-toolkit.w1456.jpg)
Launch the Credential Harvester Attack MethodĮnter 1 to enter the “Social-Engineering Attacks”Įnter 2 to enter the “Website Attack Vectors”Įnter 3 to enter the “Credential Harvester Attack Method” Open a new terminal window and enter: setoolkit (I am assuming you have Kali Linux running and updated) This is basic command for practicing further that we will learn command as Penetration perspective.
![how to use social engineering toolkit in kali linux how to use social engineering toolkit in kali linux](https://i.ytimg.com/vi/WNnlylrxxBc/maxresdefault.jpg)
Launch the Social Engineering Toolkit (SET) Social engineering toolkit Bettercap It uses which language in Kali Linux Python is the best language for hackers also mostly tools built on python language.