Website duplicationSocial Engineering and Manipulation Course

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Tagged: ,

This topic contains 19 replies, has 19 voices, and was last updated by  Raneesh Ravi 3 years, 5 months ago.

Viewing 20 posts - 1 through 20 (of 20 total)
  • Author
    Posts
  • #26534

    Zaza
    Participant

    Hello there my fellow manipulators, I was taking my course on social engineering and heard about this very interesting technique on capturing people’s log in info, in which one duplicates whatever website your target logs on to, puts it online, and then grabs the info being input.
    I understand the concept, but I would like to know how to actually do it, since I’m interested in applying it to real life. Your help is much appreciated in advance. Thank you.

    #26573

    Terumo
    Participant

    I recommend you take a look on Kali linux OS, since you have all the tools there.
    You can use SET (social engineering toolkit) that is included in Kali, and with a few commands you can do it (just like the class shows it).
    There are also tons of tutorials online about it.

    #28837

    OPsecJ
    Participant

    ^ agreed. That will strip the site and load it up for you in apache (takes all the work out of it). Some sites it wont pull 100%, but it gets you going in the right direction. This is a great tool/method for onsite pen tests.

    #30365

    Rattar
    Participant

    What you are talking about is called “Phishing”. It is done by copying the layout of the website, and sending an email to people telling them to go to that website and enter their info. Most people nowadays can figure out a fake vs real website, some though (~10-50%) fall victim to these.

    #30958

    nilmonsta
    Participant

    Your success depends on how well the site is made. I get on anoying pishing sites every day (mostly through ads or popups).
    Things you can look for are bad language/ spelling, unrealistic offers (like theres an Iphone for free and so on)
    ->so don’t be as bad as the majority.
    But pls don’t do anything illegal:)

    #31872

    Anonymous

    I invite you to check this http://wp.me/p5CxI2-2z

    #32880

    milli_mustang
    Participant

    As @rattar said this is “Phishing”..you may test with samples but your idea on trying it on real life could get you some time in jail unless you’re licensed for that 😛

    Note: Please don’t try on financial institutes

    #34122

    vampz
    Participant

    practicing hacking skill is always a question as no one allow you to practice on their website.

    #35124

    whoop whoop
    Participant

    first learn about dns poisoning to redirect the server he was suppose to go to to your machine, then you need a small webserver to serve him a fake webpage.

    something like that?

    #36724

    plagenz
    Participant

    Google “SET” kali and website cloning

    #37242

    cybermo
    Participant

    Thanks

    #37329

    ShadowXCC
    Participant

    If you do not want to use Kali (You probably should), you can also view the source code of any website that you may want to impersonate in any of the more popular browsers (Internet Explorer, Mozilla Firefox, Google Chrome, etc.). You can than copy the source code via the inspect element aspect of the browser and host it as you would host any website. When you do this I suggest you also copy all JavaScript Files as well as the Cascading Style Sheet(CSS) files, to make it as convincing as possible. The only thing that you need to know is how to redirect the login information towards an entity that you control, such as an email or a web server. If you are planning on doing this illegally(you shouldn’t) don’t use anything that may be connected back to you, as you probably will be caught and depending on where you live, imprisoned.

    I also have access to a very convincing paypal login that I found on the Deep Web, which is very simple to get the information gained sent to your email. But I only have this for research purposes, and you shouldn’t use it for illegal actions. If anyone wants to see it, for research purposes only, message me.

    #39626

    kimterje83
    Participant

    can i have paypal site

    #40683

    Cyclex25
    Participant

    covered here i guess: setup SET CH

    #41520

    dekr4ken
    Participant

    remember to use the knowledge for good and not bad guys. it’s a fine line between a good pentester and a crim

    #42284

    thanks

    #42304

    KraTingDang
    Participant

    Useful information, thank you

    #42353

    Cyclex25
    Participant

    oh jeeez, rereading this thread and my reply i want to apologize for not reading exactly what you where asking for. so here you go:

    SET CH Github

    basically, from line 32 is of your interest. i suggest reading the code first and try to understand whats happening. its all written there, just try to let go and read even if you dont understand any python. correct me if im wrong, but this is my assumption for now.

    well, now what this basically does is setting directories fetched data will be written to when certain conditions are met. im just starting to code actually, so my python is veeeery basic. anyways, i love this convenience.
    im more familiar with scripting languages than highlevel ones, so this could be another way of doing it. its not that beautiful, anyways working fine for sure. though this one would mean some veeery basic spaghetti code too, i guess its newb friendly.

    for now, just copy the source of your target site. its the only stuff you need.

    now set up a SQL database in xampp or anything and write a simple php script that you add to your copied sourcecode from the website to be cloned. this code does nothing else than connecting to your database and add stuff to it when, again, certain condition you specify is met. one simple example is some onClick or submit action, so if the login/submit button is clicked, data will be fetched and INSERTed INTO your SQL database.

    dont ever try this stuff anywhere else than your home network, you likely have hard times if you noodle around with sql. the default stuff is set to have no password, and if your code is not escaped correctly and you use deprecated commands (which is likely as actual stuff is only found if you know what to look for), you likely will face a lot of syntax errors or to the worse youll be highly vulnerable to others as your database will be injectable! so…. read about latest php syntax and use pdo and escaped commands for increased security of your code if you cannot trust your environment. but hey, i assume you will keep that stuff on your own network and computer ^^

    sorry to correct the already mentioned issue, you need to understand that this all is clientside stuff, which executes on the client side. i.e. the targets browser….so no, theres nothing you need to copy except that html source! no CSS files, no JS files.
    stuff needs to be copied and/or fetched if its a serverside task we are talking about. CSS and JS is client only, while CSS is mostly just some language to pimp the visual style of your website, it can be utilized for other less known/not_of_any_interest tasks too. anyways, it usually is applied to html files as its capabilities to set visual style is way more powerful than html on its own. if you are interested, i highly recommend looking at html, css and bootstrap, this is the only stuff you need to make killer static websites (i.e. clones/fakes, cause for website you might favour dynamic stuff like generally object orientated sites). as the stylesheet and js script is already containedin your copied html script, you dont have to do anything. this is why the website appears the same if you browse it locally! no need for folders, no need for anything fancy. if you copy the html code and paste it into your texteditor and rename it to whatever.html, then it should look exactly like the original.

    i guess this is really a good point to start. cause this way you learn differences between server and client side languages, highlevel and lowlevel ones. you learn the stuff and can decide what you need for your purpose. also html/css isnt hard, if you want to learn some simple code, start there, go to scripting and than highlevel languages if you enjoy it.

    the CH python script is really sweet, though ^^

    xcuse the novel, cheers

    #46830

    VentGrey
    Participant

    Sadly for SET users Ettercap nowdays doensn’t work anymore, i reccommend you to install bettercap or use mtimf for DNS & Phishing attacks now.

    #49957

    Raneesh Ravi
    Participant

    I think we can do this using Kali Linux.. I heard about something called BEEF.. I dont know much more about that…

Viewing 20 posts - 1 through 20 (of 20 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel