Results 1 to 10 of 10

Thread: Social Engineering Toolkit Credential Harvester not showing credentials

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    29

    Default Social Engineering Toolkit Credential Harvester not showing credentials

    I recently began testing out the credential harvester in the Social Engineering toolkit under the website attack vectors. The harvester does not capture any information, it only posts a header with the time and date. I've tried it with several different sites using my login credentials and nothing has been captured even on sites I know are not encrypted but send clear text. Is there anything that needs to pre-configured for this to work. Or something I'm doing wrong? It asks

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Social Engineering Toolkit Credential Harvester not showing credentials

    Did you try editing the config/set_config file ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO SeekNDestroy's Avatar
    Join Date
    Feb 2010
    Posts
    11

    Default Re: Social Engineering Toolkit Credential Harvester not showing credentials

    Hello!Edit the "config/set_config" , scroll down and turn "WEBATTACK_EMAIL" to ON,the default is OFF,so just replace OFF with ON,then CTRL+X (to save) then hit y(for Yes) and then hit ENTER.Now all you have to do is to run SET .
    I really tried Credential Harvester on gmail and it works for me,but after i've turned ON the WEBATTACK_EMAIL.


  4. #4
    Junior Member
    Join Date
    Mar 2010
    Posts
    29

    Default

    Thanks guys for your help. I configured the set_config with Web attack vectors on. I tried it out and I'm still not catching my credentials. It just made the e-mail work in conjunction with the website attack method to send out a fake e-mail leading the the victim to the site. I just tried gmail and nothing. I've tried turning off IP address detection and turnning it back on and I've tried turnning sendmail on and off. I even tried booting a fresh backtrack 4 and updating it and still nothing was captured. Any more ideas guys?

    Quote Originally Posted by sickness View Post
    Did you try editing the config/set_config file ?
    What particular in the config/set_config file should I edit. I tried turning on WEB ATTACK vectors. Is the credential harvester working for you sickness? If so, what are your settings?

    When I run ettercap at the same time on my wireless interface, It is able to capture the credentials. Does anyone else need to do this? I see them printed out on both ettercap and the credential harvester.
    Last edited by Archangel-Amael; 06-08-2010 at 08:14 AM.

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Social Engineering Toolkit Credential Harvester not showing credentials

    That depends on what you want to do, there are a few options there. Try to read about them.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: Social Engineering Toolkit Credential Harvester not showing credentials

    Tutorials | SecManiac.com Blog there is some great tutorials about SET

  7. #7
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    3

    Default AW: Social Engineering Toolkit Credential Harvester not showing credentials

    Having exactly the same problem.
    I only get the first line like
    081-001-211-198.yess.at -- [Date] "Get / HTTP/1.1" 200 -

    But then: nothing.

    Testing in my local network all is working fine.

    Do you have some hints for me?

    Thanks a lot

  8. #8
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    3

    Default AW: Social Engineering Toolkit Credential Harvester not showing credentials

    Hm, do you need some more information?

    I'm using Fritzbox 7170 as Router, port 80 is open, so the Cloned Website is shown correctly. Within my network I get password and login name after sending the form.
    From outside only the Website is shown but no password or login name is delivered.
    Last edited by dtrixer; 03-09-2011 at 07:28 AM. Reason: Typo

  9. #9
    Senior Member
    Join Date
    Jan 2011
    Location
    over the under
    Posts
    197

    Default Re: AW: Social Engineering Toolkit Credential Harvester not showing credentials

    are you trying to do this externally? I had a similar problem when I tried getting this attack to work over the web, it turned out that my isp blocks port 80 from the gate... I dont know if this relates to your situation but I figured I'd share my experience just in case.

  10. #10
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    3

    Default AW: Social Engineering Toolkit Credential Harvester not showing credentials

    Thank you for answering, but Port 80 isn't blocked. The website over port 80 is shown correctly from outside.

Similar Threads

  1. having fun with ettercap an social-engineering-toolkit
    By hardez in forum Tutorials und Howtos
    Replies: 4
    Last Post: 06-09-2010, 05:05 PM
  2. i can't fix Social Engineering Toolkit
    By spo0fer in forum Beginners Forum
    Replies: 1
    Last Post: 05-02-2010, 04:58 PM
  3. Social Engineering Toolkit Error
    By joker5bb in forum Beginners Forum
    Replies: 9
    Last Post: 04-10-2010, 08:41 PM
  4. probleme social engineering toolkit 0.3
    By CX4STORM in forum Beginners Forum
    Replies: 1
    Last Post: 01-25-2010, 04:59 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •