Did you try editing the config/set_config file ?
I recently began testing out the credential harvester in the Social Engineering toolkit under the website attack vectors. The harvester does not capture any information, it only posts a header with the time and date. I've tried it with several different sites using my login credentials and nothing has been captured even on sites I know are not encrypted but send clear text. Is there anything that needs to pre-configured for this to work. Or something I'm doing wrong? It asks
Hello!Edit the "config/set_config" , scroll down and turn "WEBATTACK_EMAIL" to ON,the default is OFF,so just replace OFF with ON,then CTRL+X (to save) then hit y(for Yes) and then hit ENTER.Now all you have to do is to run SET .
I really tried Credential Harvester on gmail and it works for me,but after i've turned ON the WEBATTACK_EMAIL.
Thanks guys for your help. I configured the set_config with Web attack vectors on. I tried it out and I'm still not catching my credentials. It just made the e-mail work in conjunction with the website attack method to send out a fake e-mail leading the the victim to the site. I just tried gmail and nothing. I've tried turning off IP address detection and turnning it back on and I've tried turnning sendmail on and off. I even tried booting a fresh backtrack 4 and updating it and still nothing was captured. Any more ideas guys?
When I run ettercap at the same time on my wireless interface, It is able to capture the credentials. Does anyone else need to do this? I see them printed out on both ettercap and the credential harvester.
Last edited by Archangel-Amael; 06-08-2010 at 08:14 AM.
That depends on what you want to do, there are a few options there. Try to read about them.
Tutorials | SecManiac.com Blog there is some great tutorials about SET
Having exactly the same problem.
I only get the first line like
081-001-211-198.yess.at -- [Date] "Get / HTTP/1.1" 200 -
But then: nothing.
Testing in my local network all is working fine.
Do you have some hints for me?
Thanks a lot
Hm, do you need some more information?
I'm using Fritzbox 7170 as Router, port 80 is open, so the Cloned Website is shown correctly. Within my network I get password and login name after sending the form.
From outside only the Website is shown but no password or login name is delivered.
Last edited by dtrixer; 03-09-2011 at 07:28 AM. Reason: Typo
are you trying to do this externally? I had a similar problem when I tried getting this attack to work over the web, it turned out that my isp blocks port 80 from the gate... I dont know if this relates to your situation but I figured I'd share my experience just in case.
Thank you for answering, but Port 80 isn't blocked. The website over port 80 is shown correctly from outside.