I have SET up and running and functional for harvesting credentials for a cloned https site. However, the site is hosted in SET on standard http port 80. I am looking to be able to host the cloned site using https as it adds an additional layer of reality to the cloned site. I think that it is also prudent to encrypt this traffic since you are capturing users credentials. In the set_config file, you can change the web port and I am able to change it to port 443, however it still uses only standard http without encryption. Has anyone tried something like this?
There's about 5 different ways I can think of right now, but the easiest is probably pound. And or one of the ssl* tools.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
I spoke with Dave, the developer of SET, and he is adding in this capability. It should be released shortly.
Just pushed an update for 0.6.1, now supports SSL encrypted traffic for credential harvester and tabnabbing. Enjoy!
Keep in mind that your modern web browser will start screaming at the user that he is trying to connect to a site with an unrecognized certificate ...
Frank,
My understanding was that the OP was specifically talking about cloning the site and having the user connect to you with HTTPS instead of HTTP. In order for it to be HTTPS you need a cert. Otherwise the default use of Port 80 already in the program would be adequate.
Only exception would be if you were able to grab the legit private key from the website during the pentest. But if you have enough access to the website to grab the private keys you don't need to go through the trouble of spoofing it and getting a user to connect, you can just set up listeners on the server.
Cheers,
Agarax
"If you haven’t trashed your computer while doing something questionable, then you’re not a computer scientist – you’re just an arts grad who didn’t get laid."
If the time stamp for my post is less than 15 minutes old, hold off on the flamethrower, there's a pretty decent chance I'm going to change it.