Jump to content

Credential Harvesting with SET


Recommended Posts

Does anyone use SET for credential harvesting? I'm trying to create as many harvesters as possible for use with dns spoof on the pineapple. My problem is that I’m running out of ram. I’m using a kali vm for each harvester but this just seems like resource waste… Does anyone know or use a better way of harvesting many sites at the same time while not using redirects and having separate IPs for each harvester? Id like to still use the kali setup with SET so I can use some of the other web attacks.

Thanks. XD

Link to comment
Share on other sites

What I'm wondering here is wether you really need unique IPs for that. The sites are accessed by domain name. All you have to do is create another virtual host within your Apache to service it.

With a bit of tinkering and getting the client to accept your cert ("To use this Pine... euhh... free WIFI you need to accept this cert to allow us to encrypt the traffic between us. It's for security. Really!") you can pop them off to a host with your self-signed cert to prove its validity. The tinkering being the DNS server, on being asked for a reverse DNS lookup, to return the name of the domain previously requested by that same client for which you gave that very same IP address.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...