First open your kali Linux application tab in Exploitation Tools and then chose SET Toolkit
Now choose option 1, “Social – Engineering Attacks” and Enter
Then choose option 2, “Website Attack Vectors” and Enter
After that choose option 3, “Credential Harvester Attack Method” and Enter
Now choose option 2 Site Cloner and press Enter
For Post back type your IP address and press Enter, After that type the website name you want to be Clone (in my case I am using gmail)
Cloned web page will be saving in /var/www Folder. As shown below.
Now move cloned files of fake page (e.g. Harvester, post & index.html) in /var/www/html folder.
Now right click on harvester .txt file and give read and write permission.
Now open etter.dns file which is in /etc/ettercap folder.
Modify the contents of the etter.dns and add your own pc IP address as A record.
Now Open Ettercap and go to Sniff and choose Unified sniffing.
Select you network interface (in my case interface is eth0)
Now go to hosts and select Scan for hosts. It will show you the connected PC in your network.
Select host list and select your Target after that click on Add to Target 1 (if you want to select more than 1 target then select the target again and click on Add to Target again)
Open Mitm option and select ARP poisoning…
It will give you a Pop up in which select the Sniff remote connection box and hit OK.
Select Plugins and choose Manage the plugins.
IN Plugins option double click on dns_spoof. (It will start DNS spoofing)
Click on start and select Start sniffing
Now, when the victim will open any web page, the page will redirect it to the Fake page you created.
When victim will put there Id & Password, will get all the details.
The Hacked ID & Password of Victim will get saved in /var/www/html/harvester.txt. As shown below.
