Web phishing: clone website and host fake facebook for n00bs

sc015020
Oct 15, 2019

Using Social Engineering Toolkit (SET) in Kali Linux

Phishing

Phishing is a well-known method whereby a user is fooled by a fake webpage that resembles an existing website and is convinced to log in. The webpage, which is hosted by the attacker, stores the login credentials the victim entered on the attacker’s web server. This way the attacker gets the user’s login username and password. Afterward, the victim is directed to the original website so that the previous attempt looks like a regular unsuccessful login, which keeps the victim from getting suspicious and changing his/her password.

An easy way to set up a phishing webpage is to use an exploitation tool like SET to obtain the login credentials of victims. SET (Social Engineering Toolkit) in Kali Linux can be used to clone an existing website and host the clone on your machine.

This section demonstrates an easy way to set up a phishing website for Facebook.

Start social engineering toolkit in Kali Linux
Applications -> Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> se-toolkit

Follow the steps below:

Type 1 to select Social-Engineering Attacks option
Type 2 to select Website Attack Vectors option
Type 3 to select Credential Harvester Attack Method option
Type 2 to select Site Cloner option
Enter your own machine's IP address X.X.X.X (to find your IP address, type ifconfig in the terminal and look for inet addr)
Enter the URL www.facebook.com of the login webpage to be cloned

The victim needs to be tricked in some way into visiting the fake website that we have cloned and are hosting on the attacker's web server.

The phishing page fools the victim, and the victim signs in.

The attacker receives the login credentials on his terminal screen once the victim hits the login button.
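From the defender's side, the flow described above (credentials posted to a look-alike host, then the browser sent on to the real site) leaves a recognisable trace in web-proxy logs. The following is an added example, not part of the original post: it flags a POST to a host given as a bare IP address that the same client follows within a few seconds with a request to the genuine login domain. The log layout, the 10-second window and the sample lines are constructed assumptions, and it presumes the proxy records full request URLs.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed values for this example, not taken from the article or from any tool.
BRAND_HOSTS = {"www.facebook.com", "facebook.com"}
WINDOW = timedelta(seconds=10)

# Constructed sample log, "<ISO time> <client> <method> <url>" (documentation IP ranges).
SAMPLE_LOG = """\
2019-10-15T09:00:20 198.51.100.7 POST http://192.0.2.10/
2019-10-15T09:00:21 198.51.100.7 GET https://www.facebook.com/
2019-10-15T09:05:00 198.51.100.8 POST https://www.facebook.com/login
2019-10-15T09:05:01 198.51.100.8 GET https://www.facebook.com/
2019-10-15T09:07:00 198.51.100.9 POST http://192.0.2.44/api
2019-10-15T09:09:00 198.51.100.9 GET https://www.facebook.com/
"""

def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_harvest_pattern(log_text):
    """Return (client, suspect_host, time) for each POST to an IP-literal host
    that the same client follows with a request to a brand host within WINDOW."""
    pending = {}   # client -> (time of POST, host it was sent to)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not have the four expected fields
        stamp, client, method, url = parts
        when = datetime.fromisoformat(stamp)
        host = urlsplit(url).hostname or ""
        if method == "POST" and is_ip_literal(host):
            pending[client] = (when, host)
        elif host in BRAND_HOSTS and client in pending:
            posted_at, suspect = pending.pop(client)
            if when - posted_at <= WINDOW:
                alerts.append((client, suspect, stamp))
    return alerts

if __name__ == "__main__":
    for client, suspect, stamp in find_harvest_pattern(SAMPLE_LOG):
        print(f"{stamp} {client}: POST to {suspect}, then the real login site")
```

Only the first client in the sample is flagged: the second posts to the genuine site, and the third reaches it two minutes after its POST, outside the window.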

sc015020

Running IT security analyst. Passionate about (wireless) networks and security overall