I did a little write up on the new Java applet attack in the social engineering toolkit. I use it to clone a web site and trick a target into visiting it.

The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes