Using Social Engineering Toolkit (SET) in Kali Linux
Phishing
Phishing is a well-known method in which a user is fooled by a fake webpage that resembles an existing website and is convinced to log in. The webpage, which is hosted by the hacker, stores the login credentials the victim entered on the attacker's webserver. This way the attacker gets the user's login username and password. Afterward, the victim is directed to the original website so that the previous attempt seems like a regular unsuccessful login, which keeps the victim from getting suspicious and changing his/her password.
An easy way to set up your phishing webpage is to use an exploitation tool like SET to obtain the login credentials of victims. SET (Social Engineering Toolkit) in Kali Linux can be used to clone an existing website and host the clone on your machine.
This section will demonstrate an easy way to set up a phishing website for Facebook.
Start the Social Engineering Toolkit in Kali Linux:
Applications -> Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> se-toolkit
Follow the steps below:
The victim needs to be tricked in some way into visiting the fake website that we have cloned and are hosting on the attacker's web server.
The phishing page fools the victim, and the victim signs in.
The attacker receives the login credentials on his terminal screen once the victim hits the login button.
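Seen from the defender's side, the cloned page described above gives itself away by where its password form is served from and where it posts. The following Python check is an added example, not part of the original tutorial or of SET; the allowlist of legitimate hosts, the function names and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts that legitimately serve the brand's login form.
LEGIT_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

class LoginFormFinder(HTMLParser):
    """Record the page title and the action of each form holding a password field."""
    def __init__(self):
        super().__init__()
        self.title, self.actions = "", []
        self._tag, self._form_action = None, None

    def handle_starttag(self, tag, attrs):
        attrs, self._tag = dict(attrs), tag
        if tag == "form":
            self._form_action = attrs.get("action") or ""
        elif (tag == "input" and self._form_action is not None
              and (attrs.get("type") or "").lower() == "password"
              and self._form_action not in self.actions):
            self.actions.append(self._form_action)

    def handle_endtag(self, tag):
        self._tag = None
        if tag == "form":
            self._form_action = None

    def handle_data(self, data):
        if self._tag == "title":
            self.title += data

def check_login_page(page_url, html, brand="facebook", legit_hosts=LEGIT_HOSTS):
    """Return the reasons why this page looks like a cloned login page."""
    finder = LoginFormFinder()
    finder.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    findings = []
    if finder.actions and brand in finder.title.lower() and page_host not in legit_hosts:
        findings.append(f"{brand} login form served from {page_host}")
    for action in finder.actions:
        target = urlsplit(urljoin(page_url, action))  # empty action posts back to the page
        if (target.hostname or "").lower() not in legit_hosts:
            findings.append(f"password form posts to {target.hostname}")
        if target.scheme != "https":
            findings.append("password form posts over plain HTTP")
    return findings

# Constructed samples: a clone on a documentation-range IP, and a legitimate page.
CLONE = '<title>Facebook - Log In</title><form method="post" action=""><input name="email"><input type="password" name="pass"></form>'
LEGIT = '<title>Facebook - Log In</title><form method="post" action="/login"><input type="password" name="pass"></form>'
```

Calling `check_login_page("http://192.0.2.10/", CLONE)` returns three findings, while the same markup served from an allowlisted HTTPS host returns an empty list.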