Class 5 Lab 1 ‐ Social Engineering Toolkit (SET) - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Launching the Social Engineering Toolkit (SET)

Step 1

  • Launch the Social Engineering Toolkit (SET) in Kali and accept the terms of use.
sudo setoolkit

Step 2

  • From the menu, choose “1) Social-Engineering Attacks” by entering 1 and pressing Enter.

Step 3

  • From the menu, choose “2) Website Attack Vectors” by entering 2 and pressing Enter.

Step 4

  • From the menu, choose “3) Credential Harvester Attack Method” by entering 3 and pressing Enter.

Step 5

  • From the menu, choose “1) Web Templates” by entering 1 and pressing Enter. For the IP address, SET picks up your Kali VM’s IP address automatically, so press Enter to accept it.

Step 6

  • Next, choose the “3. Twitter” option by entering 3 and pressing Enter.

Step 7

  • SET will start the attack.

Step 8

  • To check how the cloned page looks, navigate to localhost in a web browser.

Task 2: Utilizing Ngrok

Step 1

  • As of now, the cloned page is accessible only locally. In practice, the cloned web page needs to be publicly accessible, so we will make it reachable from the internet. The Ngrok tool allows us to create a public URL for our cloned page. Ngrok (https://ngrok.com/) requires a free registration; download the Linux version.

Step 2

  • Next, start Ngrok port forwarding using the HTTP protocol.
./ngrok http 80

Step 3

  • Once Ngrok has launched, the public URLs will be displayed.

Step 4

Step 5

  • Ngrok will open the spoofed Twitter address that can be used to redirect.

Step 6

  • Type in a fake email and a fake complex password, then click the “Sign in” button.

Step 7

  • Check SET in the terminal window for the captured credentials.
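
From the defender's side, the flow in Task 2 (a page load on an Ngrok public URL followed by a form submission to the same host) is visible in web proxy logs. The following added example, which is not part of the original lab, flags that pattern; the log format, the sample lines and the suffix list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domain suffixes used for ngrok public tunnel URLs (assumed list; extend for your environment).
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app", ".ngrok.dev")

# Constructed sample proxy log, one request per line: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 GET https://twitter.com/login 200
2024-05-01T09:00:05Z 10.0.0.34 GET http://a1b2c3d4.ngrok.io/ 200
2024-05-01T09:00:19Z 10.0.0.34 POST http://a1b2c3d4.ngrok.io/ 302
2024-05-01T09:01:02Z 10.0.0.40 GET https://example-tunnel.ngrok-free.app/ 200
2024-05-01T09:01:30Z 10.0.0.21 POST https://intranet.example.com/form 200
not a log line
"""


def is_tunnel_host(host):
    """True when the hostname sits under one of the tunnel suffixes."""
    host = (host or "").lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in TUNNEL_SUFFIXES)


def find_tunnel_activity(log_text):
    """Return {(client, host): state} for tunnel traffic.

    state is 'visited' when the client only loaded the page and
    'submitted' once the same client sent a POST to that host,
    which is the point at which credentials may have been entered.
    """
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated lines
        _time, client, method, url, _status = parts
        host = urlsplit(url).hostname
        if not is_tunnel_host(host):
            continue
        key = (client, host)
        if method.upper() == "POST":
            findings[key] = "submitted"  # escalate; never downgraded by later GETs
        else:
            findings.setdefault(key, "visited")
    return findings


if __name__ == "__main__":
    for (client, host), state in sorted(find_tunnel_activity(SAMPLE_LOG).items()):
        print(f"{client} {state} {host}")
```

A client in the 'submitted' state is the one to prioritise for a password reset and session revocation.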