Social Engineer Toolkit (SET) problem with site cloner redirecting

[williamc]

The site cloner wont redirect to the legitimate site after entering credentials. There seems to be an issue with the POST request, as it reloads the cloned site and the error:
"The connection was reset".

I've looked through the /pentest/exploits/set/src/webattack/web_clone/cloner.py script for any obvious problems, but I'm not having much success. Any ideas?

[zimmaro]

The site cloner wont redirect to the legitimate site after entering credentials. There seems to be an issue with the POST request, as it reloads the cloned site and the error:
"The connection was reset".

I've looked through the /pentest/exploits/set/src/webattack/web_clone/cloner.py script for any obvious problems, but I'm not having much success. Any ideas?

hi williamc
I state not to be an expert:
this is a big problem!
I noticed that if you use systems "windows-obsolete" in my case winxp-sp3-NO-update .... NOT the connection is interrupted!
ES:
(SET) siteclone facebook> credential-harvester >> vs >> xp-sp3
if the login is true / false> the traffic return to login-page .. && .. (attackers have credentials)
i tested with IE8, crome (last) firefox (last)

while on my Win7/8 fully patched the traffic connection is reset!
but ........ (attackers have credentials)
bye

[williamc]

Getting a little closer to finding a solution. I ran the browser through an external proxy and it redirected after getting credentials. However, when it doesn't go through an external proxy, it just hangs and gives the connection reset message. It has something to do with the post request and processing after grabbing credentials. Any ideas?