Ever wanted to know how phishing is performed? and how long it takes to setup? well, in this post, we are going to take a closer look at phishing attacks and how they are setup. The fun thing is, you can do this at home, in your own private network.
In order to setup a phishing page, we will need to have the following running in our private network.
- Kali Linux operating system
- Any operating system with browser functions
- Some time
I personally like to use the virtualbox environment to run my virtual machines. Make sure that your virtual machines are setup to ‘host-only’, in this way you will ensure yourself that only the designated environments will be able to see each other and that there will no be accidental victims of your phishing page.
In the Kali Linux environment, we will need to navigate to the social engineering section which you can find in the Kali Linux menu.
We have assigned the Kali Linux environment the following IP address:
Our victim device is running on:
Before we can start using the social engineering toolkit, we will have to agree to the terms and services.
Press 'Y' and 'ENTER' once you have read and agreed to the terms of using the social engineering toolkit.
Once you have agreed to the terms, you will get a new window that will contain the menu of the social engineering tookit. In this menu, we will have to select ‘1’, which will head us into the flow of a social engineering attack.
Press '1' and hit 'ENTER'
In the next step, we will have a menu that allows us to select multiple methods to perform the phishing attack. In this tutorial, we are going to pick the website attack vectors attack.
Press '2' and hit 'ENTER'
In the following window we will select the TABNABBING method.
Press '4' and hit 'ENTER'