Credential Harvesting with SET


Does anyone use SET for credential harvesting? I'm trying to create as many harvesters as possible for use with DNS spoof on the Pineapple. My problem is that I'm running out of RAM. I'm using a Kali VM for each harvester but this just seems like resource waste… Does anyone know or use a better way of harvesting many sites at the same time while not using redirects and having separate IPs for each harvester? I'd like to still use the Kali setup with SET so I can use some of the other web attacks.

What I'm wondering here is whether you really need unique IPs for that. The sites are accessed by domain name. All you have to do is create another virtual host within your Apache to service it.

With a bit of tinkering and getting the client to accept your cert ("To use this Pine... euhh... free WIFI you need to accept this cert to allow us to encrypt the traffic between us. It's for security. Really!") you can pop them off to a host with your self-signed cert to prove its validity. The tinkering being the DNS server, on being asked for a reverse DNS lookup, to return the name of the domain previously requested by that same client for which you gave that very same IP address.

