What is Credential Harvester method?
The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website.
Step 1: Choose the Credential Harvester method
Step 2: Create a Phishing page
- This is first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack.
2. Site Cloner
- This second method will completely clone a website of your choosing and utilize the attack vectors within the completely same web application you were attempting to clone.
3. Custom Import
- The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality.
Step 3: Create Phishing Page
The way that this works is by cloning a site and looking for form fields to rewrite. If the POST fields are not usual methods for posting forms this could fail. If it does, you can always save the HTML, rewrite the forms to be standard forms and use the “IMPORT” feature. Additionally, really
address. A browser doesn’t know how to communicate with a private IP address, so if you don’t specify an external IP address if you are using this from an external perspective, it will not work. This isn’t a SET issue this is how networking works.
You did not set port number because this tool automatically take default port number 80
Step 4: victim view
NOTE : Don’t Sent IP Address to victim because that will only work for local network so you use ngrok this will work globally