Tabnabbing Attack Method – Setoolkit tutorial

The tabnabbing attack method is used when a victim has multiple tabs open, when the user clicks the link, the victim will be presented with a “Please wait while the page loads”.

When the victim switches tabs because he/she is multi-tasking, the website detects that a different tab is present and rewrites the webpage to a website you specify. The victim clicks back on the tab after a period of time and thinks they were signed out of their email program or their business application and types the credentials in.

When the credentials are inserts, they are harvested and the user is redirected back to the original website.

Tabnabbing Attack Method - Setoolkit tutorial

Tabnabbing Attack Method

    1) Java Applet Attack Method

   2) Metasploit Browser Exploit Method

   3) Credential Harvester Attack Method

   4) Tabnabbing Attack Method

   5) Man Left in the Middle Attack Method

   6) Web Jacking Attack Method

   7) Multi-Attack Web Method

   8) Victim Web Profiler

   9) Create or import a CodeSigning Certificate 

  99) Return to Main Menu


 The first method will allow SET to import a list of pre-defined web

 applications that it can utilize within the attack.

 The second method will completely clone a website of your choosing

 and allow you to utilize the attack vectors within the completely

 the same web application you were attempting to clone.

 The third method allows you to import your own website, note that you should only have an index.html when using the import website


   1) Web Templates

   2) Site Cloner

   3) Custom Import

  99) Return to Webattack Menu

set:webattack> 2

SET supports both HTTP and HTTPS


Enter the URL to clone:

[*] Cloning the website:

[*] This could take a little bit…

The best way to use this attack is if username and password form

fields are available. Regardless, this captures all POSTs on a website.

[*] I have read the above message. [*]

Press {return} to continue.

[*] Tabnabbing Attack Vector is Enabled…The victim needs to switch tabs.

[*] Social-Engineer Toolkit Credential Harvester Attack

[*] Credential Harvester is running on port 80

[*] Information will be displayed to you as it arrives below:

The victim is presented with a webpage that says please wait while the page loads. When the victim switches tabs, the website is rewritten and then enters the credentials and is harvested.

[*] WE GOT A HIT! Printing the output:

PARAM: ltmpl=default

PARAM: ltmplcache=2

PARAM: continue=

PARAM: service=mail

PARAM: rm=false

PARAM: dsh=-9060819085229816070

PARAM: ltmpl=default

PARAM: ltmpl=default

PARAM: scc=1

PARAM: ss=1

PARAM: timeStmp=

PARAM: secTok=

PARAM: GALX=00-69E-Tt5g



PARAM: rmShown=1

PARAM: signIn=Sign+in

PARAM: asts=


Leave a Reply

Your email address will not be published. Required fields are marked *