The web jacking attack method will create a website clone and present the victim with a link stating that the website has moved. This is a new feature to version 0.7. When you hover over the link, the URL will be presented with the real URL, not the attacker’s machine. So for example if you’re cloning gmail.com, the URL when hovered over it would be gmail.com. When the user clicks the moved link, Gmail opens and then is quickly replaced with your malicious webserver. Remember you can change the timing of the webjacking attack in the config/set_config flags.

Requirement Backtrack 5

First open your backtrack terminal and type ifconfig to check your IP

Now Again Open Your Backtrack terminal and Type cd  /pentest/exploits/set

Now Open Social Engineering Toolkit (SET) ./set

Now choose option 1, “Social – Engineering Attacks

Now choose option 2, “Website Attack Vectors

In this option we will select option 6 “Web Jacking Attack Method

In this option we will choose option 2 “Site Cloner

Enter the URL of the site you want to clone. In this case http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue.

Now convert your URL into Google URL using goo.gl and send this link address to your victim via Email or Chat

When the victim goes to the site he/she will notice the link below, notice the bottom left URL, its gmail.com.

When the user clicks the moved link, gmail opens and then is quickly replaced with your malicious webserver. Remember, you can change the timing of the webjacking attack in the config/set_config flags.

Raj Chandel

Raj Chandel is a Skilled and Passionate IT Professional especially in IT-Hacking Industry. At present other than his name he can also be called as An Ethical Hacker, A Cyber Security Expert, A Penetration Tester. With years of quality Experience in IT and software industry.His interests are mainly in system exploitation and vulnerability research. Contact me: [email protected]

More Posts

Follow Me:
TwitterFacebookGoogle Plus