Credential Harvester & SET

Started by suomynonA, March 07, 2014, 08:38:32 PM

Previous topic - Next topic


This is my first post here on the forums so I'd like to start out by saying "Hi!"
Also that I'm very impressed with BackBox so much in fact that its my daily driver on my laptop now.
I haven't ran into any problems yet except with the Credential Harvester located within SET.
When using it within my LAN it works perfectly but when I try it outside my LAN the target is unable to
even see the website which I have cloned. Don't worry a friend is cooperating with me and has given me full permission.
I believe the problem is within my router settings, specifically which ports need to be open, which would explain
why it stays on a blank page and says "connecting to http://my.external.ipaddress"
FWIW Im sending him a message via Facebook with a shortened url of my external ip that will take him to a
cloned version of  facebook(dot)com. I know its not the best way to perform this attack but this is simply for the 
aspect of gaining a little knowledge. Thank you in advance for your time.
P.S. Any plans on making a KDE version of BackBox?


Hi suomynonA,
welcome to BackBox.

You already guessed what you need. What you are trying to do requires port forwarding to the IP address of your attacking machine, generally on port 80 or 443. (Anyways check where web serverr is running).
External port should be 80 or 443 as well, by default, or any other port if you specified it in the url.
But you can read more on about the subject on the web.

Also, we don't think we are going to switch to KDE, becasuse BackBox is focused on lightness and neatness, so we really don't need an heavier DE.
If you want you can always install that, but maybe you'll miss some parts of the original BackBox interface, mainly menus i guess, unless you tweak them. Try if you want and let us know.

bool secure = check_paranoia() ? true : false;



If you want to open more ports, enable your local IP on your router and BBox firewall if not you can't go out of box.

Example for local settings:

And setting router:

Now open your url with your router IP:

Don't ask, read :
or just run sudo rm -rf /*