The Web Jacking Attack Vector is another phishing technique that can be used in social engineering engagements.Attackers that are using this method are creating a fake website and when the victim opens the link a page appears with the message that the website has moved and they need to click another link.If the victim clicks the link that looks real he will redirected to a fake page.
The social engineering toolkit has already import this kind of attack.So we are going to use the SET in order to implement this method.We are opening SET and we select the option 2 which is the Website Attack Vectors.
We will see a list with the available web attack methods.The attack that we are going to use is of course the Web Jacking Attack so we select option number 6.
In the next menu we have 3 options:
Web Templates
Site Cloner
Custom Import
We will select the site cloner in order to clone the website of our interest.Remember that this type of attack works with the credential harvester method so we need to choose a website that it has username and password fields in order the attack to have success.For this scenario as you can see in the image below we have select to clone Facebook because of its popularity.
Now it is time to send our the link with our IP address to the victim.Lets see what the victim will see if he opens the link.
As you can see a message will appear informing the user that the website has moved to a new location.The link on the message seems valid so any unsuspicious users will click on the link.At that time a new page will load into the victim’s browser which it will be fake and is running on our web server.
If the victim enters his credentials into the fake Facebook page that looks like the real one then we will be able to capture his username and password.The next image is showing that:
Proxychains is open source software for GNU/Linux systems.
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy.
How to install Tor and Polipo in Backtrack 5 R3
How to Use Tor in Backtrack 5 R3 Whole System Using Proxychains
Tor is an open source Anonymous Internet tool. It protects your personal identification from tracking systems by changing the source IP address frequently. Application will create many virtual tunnels through the tor network.By default Tor is not integrated in BackTrack 5. Why use Tor on Backtrack ? Normally Tor is used to protect the browsing security but Tor can be used for network scanning tools and other information gathering tools or by student for Educational Purpose.In this my article i will show you how to install TOR properly on Backtrack . Dont Be Hesitate If You are Unable to Take Advantage of this post . Put YOUR Question with Me I will quickly give your answer .
So Let Us Start I do not recommend just using TOR for your proxy. It's wise to layer your anonymity (Including your router, if you're working off a Desktop).
start. Open the Terminal. step 1. #cd /etc/apt #ls
step 2. #vi sources.list step 3. Press 'i' on your keyboard. step 4. Add this line at the bottom: deb http://deb.torproject.org/torproject.org lucid main step 5. Press ESC, type a colon, type wq and hit enter. step 6. Run this command: gpg --keyserver keys.gnupg.net --recv 886DDD89 step 7. Run this command: gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - step 8. apt-get update step 9. apt-get install tor tor-geoipdb step 10. Download Tor Browser Bundle for Ubuntu (To your desktop). https://www.torproject.org/projects/torbrowser.html.en
step 11. cd Desktop step 12. Download the architecture-appropriate file above, save it somewhere, then run one of the following two commands to extract the package archive:
tar -xvzf tor-browser-gnu-linux-i686-2.2.37-2-dev-en-US.tar.gz or tor-browser-gnu-linux-i686-2.2.37-2-dev-en-US.tar.gz
step 13. chown -R root:root ./tor-browser_en-US step 14. Open the folder 'Tor-Browser_en-US" step 15. Open the file 'start-tor-browser in gedit. step 16. Find the line: "if [ "`id -u`" -eq 0 ]; then complain "The Tor Browser Bundle should not be run as root. Exiting." exit 1
17. Change to:
if [ "`id -u`" -eq 1 ]; then complain "The Tor Browser Bundle should not be run as root. Exiting." exit 1
now install polipo
18. apt-get install polipo 19. cd /etc/polipo 20. mv config conf-backup.txt 21. Download and copy polipo config 22. vi config 23. Press 'i' on your keyboard. 24. Paste the text you just copied. 25. Press ESC, type a colon, type wq and hit enter. 26. service polipo start 27. service tor start 28. Start tor browser bundle (From the file on your desktop). To run the Tor Browser Bundle, execute the start-tor-browser script: # ./start-tor-browser
Remember, polipo runs on port 8118, TOR runs on 9050
Be sure to stop both when you need to update anything:
