How To Create Phishing Page In Backtrack SET

Hello friends after a long time I came up with hacking tutorial that is called creating phishing page with the help of Social Engineering toolkit SET available in Backtrack and Kali Linux, preinstalled.While you are creating phishing page manually you have to do a lot of work like editing index.html page. But creating Phishing page by credential harvester in SET is an easy task.

Requirement:
Backtrack or Kali Linux any version.
Internet connection with LAN.

Remember for this attack to be successful you have to be in same network as target is in, So lets start the action.


Boot Backtrack or Kali Linux, In my case it is Backtrack. Navigate to SET as shown in pic that is "Backtrack->Exploitation tools-> Social Engineering Tools->Social Engineering Toolkit->set"



After clicking on SET a new terminal will open say yes "y" to it and press Enter.



Now SET is in front of you.Press 1 and hit enter to open SET.



Now press 2 and hit enter for entering into Website attack Vectors.




After that press 3 for Creating a Phishing page or we can say this attack as 'Credential Harvesting Attack'.


Now three options are in front of you they are.
Web Templates -- For importing premade template for Gmail, Facebook from SET.
Site Clone -- Will clone a site by providing url to SET.
Custom Import -- For importing your own made phishing page.
Best one is Site Clone that clone the site for us by providing just url of that site to SET



After selecting Site Clone you have to provide IP address of your machine which you can check by. Open another terminal and type in:
root@bt:~#ifconfig
Copy your IP address and paste over in to the SET.



Now paste the URL of site into the SET as in picture and hit enter.



That is it, now you have created the Credential harvesting attack on your IP address, just make your target to open your phishing page by any how and wait for your target to enter him or her username and password into it.


And we got the username and password of our victim and target is redirected to original Facebook.com.


For making victim to go to your IP address, you have to do DNS Poisoning attack (Tutorial Here)
Hope this is bit informative for you guys in security.