The web jacking attack method will create a website clone and present the victim with a link stating that the website has moved.
This is a new feature to version 0.7. When you hover over the link, the URL will be presented with the real URL, not the attacker’s machine. So for example if you’re cloning gmail.com, the URL when hovered over it would be gmail.com. When the user clicks the moved link, Gmail opens and then is quickly replaced with your malicious webserver. Remember you can change the timing of the webjacking attack in the config/set_config flags.
Requirement Backtrack 5
First open your backtrack terminal and type ifconfig to check your IP
Now Again Open Your Backtrack terminal and Type cd /pentest/exploits/set
Now Open Social Engineering Toolkit (SET) ./set
Now choose option 1, “Social – Engineering Attacks”
Now choose option 2, “Website Attack Vectors”
In this option we will select option 6 “Web Jacking Attack Method
In this option we will choose option 2 “Site Cloner”
Enter the URL of the site you want to clone. In this case http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue.
Now convert your URL into Google URL using goo.gl and send this link address to your victim via Emailor Chat
When the victim goes to the site he/she will notice the link below, notice the bottom left URL, its gmail.com.
When the user clicks the moved link, gmail opens and then is quickly replaced with your malicious webserver. Remember, you can change the timing of the webjacking attack in the config/set_config flags.
No comments:
Post a Comment