Web Jacking Attack Method – Setoolkit Tutorial

In This article we are going to discuss about how to webjacking attack method in setoolkit tutorial.
Web Jacking Attack Method  - Setoolkit Tutorial

What is Web Jacking Attack Method?

The Web Jacking Attack method was introduced by white_sheep, emgent. This method utilise i frame replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

Step 1: Choose Web Jacking attack method

First you type this below command this command will help you to open setookit in your terminal.

sudo setoolkit

Once you open setoolkit tool in your terminal choose first option 1. Social -Engineering Attack Now you can see 10 module but you choose 2nd option website attack vector In this place you can see web jacking attack method  option just choose it.
Web Jacking Attack Method  - Setoolkit Tutorial

Step 2: Choose phishing Option

Once you choose Web Jacking Attack Method in your terminal you can see this below 3 option.

1. web Templates
  • This is first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack.

2. Site Cloner

  • This is second method will completely clone a website of your choosing and allow you to utilize the attack vectors within the completely same web application you were attempting to clone.

3. Custom Import

  • The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality.
Now you can choose 2nd option site cloner
Web Jacking Attack Method  - Setoolkit Tutorial

Step 3: Choose IP address and phishing page

— * IMPORTANT * READ THIS BEFORE ENTERING IN THE IP ADDRESS * IMPORTANT * —

The way that this works is by cloning a site and looking for form fields to rewrite. If the POST fields are not usual methods for posting forms this could fail. If it does, you can always save the HTML, rewrite the forms to be standard forms and use the “IMPORT” feature. Additionally, really

Important:

If you are using an EXTERNAL IP ADDRESS, you need to place the EXTERNAL IP address below, not your NAT address. Additionally, if you don’t know basic networking concepts, and you have a private IP address, you will need to do port forwarding to your NAT IP address from your external IP address.

A browser doesn’t know how to communicate with a private IP address, so if you don’t specify an external IP address if you are using this from an external perspective, it will not work. This isn’t a SET issue this is how networking works.

Web Jacking Attack Method  - Setoolkit Tutorial

Step 4: Victim view

Now you share your ip address to victim if your victim click your ip address means this page will be this below image.
execution of phishing page

Now your victim click this above image link means this page will be like this below image.

redirection of facebook phishing page

If your victim type any data on this page will be capture and show in your terminal see this below image.

recived the username and password
NOTE: Don’t choose your local ip address because it’s only work for local network so you choose ngrok it’s work globally

Leave a Reply

Your email address will not be published. Required fields are marked *