Open the terminal window in Kali and make sure you have root access as ‘setoolkit’ needs you to have root access

🔹Type ‘setoolkit’ in the command lineYou will be warned that this tool is to be used only with company authorization or for educational purposes only and that the terms of service will be violated if you use it for malicious purposes.

🔹Type y to agree to the conditions and use the tool

A menu shows up next. Enter 1 as the choice as in this demo we attempt to demonstrate a social engineering attack.

 

Under Social Engineering, there are various computer-based attacks and SET explains each in one line before asking for a choice.

 

Enter 3 which will select the ‘Credential Harvester Attack Method’ as the aim is to obtain user credentials by creating a bogus page that will have certain form fields.

 

Now, the attacker has a choice to either craft a malicious web page on their own or to just clone an existing trustworthy site.

 

Enter 2 in order to select ‘Site Cloner’

 

This might take a moment as SET creates the cloned page.

 

Now you need to see the IP address of the attacker machine. Open a new terminal window and write ifconfig

 

Copy the IP address stated in ‘inet’ fieldSET will ask you to provide an IP where the credentials captured will be stored. Paste the address that you copied in the earlier step.

 

Since we chose to clone a website instead of a personalized one, the URL to be cloned is to be provided. In this example, it is www.facebook.comSocial Engineering Toolkit needs Apache Server running as captured data is written to the root directory of Apache. Enter y when prompted about starting the Apache process.