Credential-harvesting

In this attack, we'll be setting up a fake website of a known site. Our copy, however, will allow us to capture the credentials used by the user. To have the user visit our site, you'll need to deliver it via an email with a heading or subject line that will pique the user's interest to visit it. They'll be prompted to log in and that's it, the credentials will be captured:

  1. Enter setoolkit, then at the main menu, choose option 1 for the social engineering menu.
  2. Enter 2 at the prompt to choose Website Attack Vectors:

  1. Enter 3 for Credential Harvester:

At this point, you've successfully loaded Credential Harvester ...

Get Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.