Need help with SET!


isaac_204

Hello fellows! Once again I need your help :lol: ! I have a problem with the ports I'm using on the Social Engineering Toolkit. By default the Credentials Harvester runs on port 80, but I wanted to change the port to another one like 443 or 4444 etc. However, when I change the port from the set.config file, the Credentials Harvester doesn't work, so I changed the port that apache2 was listening on to the same port the Creds Harvester was listening on, and when I try to run it I get this message:

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 4444
[*] Information will be displayed to you as it arrives below:
[*] Looks like the web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: 

 

Also I enabled APACHE_SERVER in the set.config file. Can anybody enlighten me with their knowledge?!

Thanks in advance!


  • isaac_204 changed the title to Need help with SET!

Isn't it a bit more sus for a person that has that website in front of them to see a weird number after the URL? Just use port 80, most web browsers don't show HTTP and HTTPS ports by default.

Also, you've already stated your answer.

Quote

[*] Looks like the web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: 

Also I enabled APACHE_SERVER in the set.config file.

You enabled Apache, and it doesn't want Apache to run on the same port. Run the webserver on port 80 and the backend on another port.

Edited by Dave-ee Jones

Okay, so I reset the settings to default and I stopped apache2 and everything is working fine. However, the reason I wanted to change the port from 80 to a different one is because I can't port forward port 80 as it's blocked by my ISP. Also, I don't mind how the URL looks since I'm just experimenting with SET. So my question is: how can I change the port the Credentials Harvester runs on to another one? I've already tried to change the port in the set.config file "WEB_PORT=443" and when I access the cloned site by typing in the URL bar "192.168.1.16:443" it loads normally, but when I type anything in the email or password field and press enter, instead of getting the credentials I get this error in the terminal:

 

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 443
[*] Information will be displayed to you as it arrives below:
192.168.1.4 - - [17/Nov/2017 09:08:09] "GET / HTTP/1.1" 200 -
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: __a=1
PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey
PARAM: __req=1
PARAM: __be=-1
PARAM: __pc=PHASED:DEFAULT
PARAM: __rev=3463961
PARAM: lsd=AVqk3QFo
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.


[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __be=-1
PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey
PARAM: __pc=PHASED:DEFAULT
PARAM: __req=2
PARAM: __rev=3463961
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqk3QFo
PARAM: ph=C3
POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"9ji6lu","posts":[["gk2_exposure",{"identifier":"AT4VyfQf3AxNUabC3SATM7_xd3xkC31NlKa_FXDE7lw97X0965wlsUibcquLjraBX7mXtYDQGZnGD-wbNL5JRq1O","hash":"AT69GYK4kJlcg4KX"},1510902488583,0],["script_path_change",{"source_path":null,"source_token":null,"dest_path":"/login.php","dest_token":"ad976420","impression_id":"104d7e83","cause":"load","referrer":""},1510902488591,0],["scuba_sample",{"int":{"clientWidth":1583,"clientHeight":940},"normal":{"view":"normal"},"_ds":"www_tinyview_port","_options":{"addBrowserFields":true}},1510902488649,0],["time_spent_bit_array",{"tos_id":"9ji6lu","start_time":1510902488,"tos_array":[505,0],"tos_len":9,"tos_seq":0,"tos_cum":7},1510902496587,0],["ods:ms.time_spent.qa.www",{"time_spent.bits.js_initialized":[1]},1510902496590,0]],"trigger":"ods:ms.time_spent.qa.www","send_method":"ajax"}]
PARAM: ts=1510902496594
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.

Edited by isaac_204

Can you redirect all traffic on port 8080 to port 80 after changing the port of the webserver to 8080? You can do this with iptables, but I'm not sure if you're on a Linux machine or not..

It's not technically port forwarding but it should solve your problem (hopefully). Also, I don't see why an ISP would block you trying to host a webserver on port 80. Port-forwarding port 80 would probably be blocked, but I don't understand why you can't host a webserver locally on port 80. Seems silly..

Just host it on port 8080 and type ':8080' at the end of your URL, maybe? For testing purposes.


  • 4 years later...
  • 1 year later...

Hello, did you find the answer to this question? I have exactly the same issue when I am trying to use SET with my public IP. My ISP is blocking inbound traffic on port 80, so I tried using port 443 and 8080 and in the same way I am able to open my webpage from outside IP addresses, but when I enter test credentials and hit sign in, the page keeps loading and SET does not capture anything. I went one step further and configured it to get HTTP request traffic on myPublicIPaddress:443 and then forward it to myPrivateIPaddress:80, and in the same way when I try to test from my cellphone connection, I can open the webpage, but I cannot capture the credentials (I am using Credential Harvester > Web Templates > Google).

Please let me know if you found a solution or an alternative method that can be used with the public IP addresses.
