Creating a password harvester with SET

Social engineering attacks may be considered as a special kind of client-side attacks. In such attacks, the attacker has to convince the user that the attacker is a trustworthy counterpart and is authorized to receive the information the user has.

SET or the Social-Engineer Toolkit ( is a set of tools designed to perform attacks against the human element; attacks, such as Spear-phishing, mass e-mails, SMS, rouge wireless access point, malicious websites, infected media, and so on.

In this recipe, we will use SET to create a password harvester web page and look at how it works and how attackers use it to steal a user's passwords.

How to do it...

  1. In a terminal, ...

Get Kali Linux Web Penetration Testing Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.