singh763173 Posted March 11, 2012 Share Posted March 11, 2012 Afternoon all, Quick question for you guys - I have tried to spawn multiple SET instances on a single box and I dont believe it appears to be working. Is this actually possible? I am spoofing sites successfully and it binds it to port 80 but say I wanted to spoof site b and site c at at the same time and wanted to bind it to port 81 and 82 (port numbers irrelevant) - can this be done? If so how? Or if not, can SET be used to download the spoof site so that it can be hosted manually and then the wifi pineapple can just point to the machine hosting the sites and virtualhosts be put in place to redirect depending on URL? (didnt post in the jasager forums as this isnt really a jasager issue) Am i making sense? Thanks Quote Link to comment Share on other sites More sharing options...
singh763173 Posted March 13, 2012 Author Share Posted March 13, 2012 Anyone? Quote Link to comment Share on other sites More sharing options...
digip Posted March 14, 2012 Share Posted March 14, 2012 Dave has an IRC channel just for SET, where people on there might be able to help with this question more. https://www.secmaniac.com/blog/2011/07/20/new-irc-channel-launches-for-the-social-engineer-toolkit-set/ I know dave had added something for a SET interactive shell in the newer versions, but I've only ever dabbled with SET and not really used it enough to get into all of its features. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted March 14, 2012 Share Posted March 14, 2012 I've heard of running two instances of Apache of different ports but don't have much personal experience with it, I'm sure if you google it'll turn something up. Otherwise you could try to run one instance of the Apache server on port 80 and go into set_config and run the python server on a different port. Or you could try to host all the spoofed sites on the same server but in different directories, so you can point to each of them as if they were their own. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted March 14, 2012 Share Posted March 14, 2012 I've heard of running two instances of Apache of different ports but don't have much personal experience with it, I'm sure if you google it'll turn something up. Otherwise you could try to run one instance of the Apache server on port 80 and go into set_config and run the python server on a different port. Or you could try to host all the spoofed sites on the same server but in different directories, so you can point to each of them as if they were their own. You can change Apache's default (TCP 80) port in the config file to anything you like it. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted March 14, 2012 Share Posted March 14, 2012 Yeah but how would he run 2 or more instances of Apache (presumably using the same config file) on different ports? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted March 14, 2012 Share Posted March 14, 2012 Yeah but how would he run 2 or more instances of Apache (presumably using the same config file) on different ports? Is it possible to run to instance of Apache, here is a how to http://wiki.apache.org/httpd/RunningMultipleApacheInstances Quote Link to comment Share on other sites More sharing options...
digip Posted March 14, 2012 Share Posted March 14, 2012 You could try vhosts too, see if that works, but not sure how SET will handle all of that. Seriously though, check out their IRC channel. Someone there might have already asked this question or might be something they could add to future versions. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted March 14, 2012 Share Posted March 14, 2012 Thanks for the link Infiltrator. Looks like what you're trying to do is highly possible, just maybe not w/SET. Quote Link to comment Share on other sites More sharing options...
singh763173 Posted March 14, 2012 Author Share Posted March 14, 2012 Thanks boys, really appreciate your help! I will defo check out the IRC. If on the off chance it cant be done, can you guys suggest a cloning tool that can download "the main stuff". A script can be written in the backend to capture the credentials and so on. Just so that your aware... this is not for malicious purposes but purely for educating myself aswell as others in the possibilities of such actions. Cheers! Quote Link to comment Share on other sites More sharing options...
digip Posted March 14, 2012 Share Posted March 14, 2012 (edited) Thanks boys, really appreciate your help! I will defo check out the IRC. If on the off chance it cant be done, can you guys suggest a cloning tool that can download "the main stuff". A script can be written in the backend to capture the credentials and so on. Just so that your aware... this is not for malicious purposes but purely for educating myself aswell as others in the possibilities of such actions. Cheers! If you are already on the same network as the victim, Ettercap or wireshark and any other MITM tools, SSl strip + MITM, Hamster+Ferrt, etc Edited March 14, 2012 by digip Quote Link to comment Share on other sites More sharing options...
singh763173 Posted March 14, 2012 Author Share Posted March 14, 2012 Haven't heard much about hamster and ferret, might do some reading tonight. Messing around with sslstrip ATM, trying to get to a stage where I can get it to work on the pineapple as well as my bt5 laptop! Cheers digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.