 |
| How to Clone Any Website Using HTTrack ? |
Let's start
Welcome back, my hacker novitiates!
Recently, I demonstrated a hack where you could redirect traffic intended for one site, such as bankofamerica.com, to your fake website. Of course, to really make this work, you would need to make a replicate of the site you were spoofing, or better yet, you could simply make a copy of the original site and host it on your own server!
HTTrack is just the tool for doing that.
HTTrack takes any website and makes a copy to your hard drive. This can be useful for searching for data on the website offline such as email addresses, information useful for social engineering, hidden password files (believe me, I have found a few), intellectual property, or maybe replicating a login page for a Evil Twin site to capture login credentials.
Unfortunately, HTTrack is not included in Kali, so we will need to download and install it. Fortunately, though, it is included in the Kali repository, so all we need to do is open the software repository and download and install it.
Download & Install HTTrack
From Kali, we need to navigate to "System Tools" and then "Add/Remove Software,"
That will open a screen. Notice the window in the upper left-hand corner next to the "Find" button. Enter "httrack" there and it will find the packages you need to install HTTrack.
You can also install it by typing the following in a terminal.
kali > apt-get install httrack
Use HTTrack
Now that we have installed HTTrack, let's start by looking at the help file for HTTrack. When you downloaded and installed HTTrack, it placed it in the /usr/bin directory, so it should be accessible from any directory in Kali as /usr/bin is in the PATH variable. Let's type:
kali > httrack --help
The basic syntax is the following, where -O stands for "output." This switch tells HTTrack where to send the website to.
kali > httrack <the URL of the site> [any options] URL Filter -O <location to send copy to>
Using HTTrack is fairly simple. We need only point it at the website we want to copy and then direct the output (-O) to a directory on our hard drive where we want to store the website. One caution here, though. Some sites are HUGE. If you tried to copy Facebook to your hard drive, I can guarantee you that you do not have enough drive space, so start small.
Test HTTrack
Let's try to make a copy of a site to our hard drive.
kali > httrack http://www.webscantest.com -O /tmp/webscantest
we successfully made a copy of all the pages of this site on our hard drive.
Explore the Site Copy
Now that we have captured and copied the entire site to our hard drive, let's take a look at it.
We can open the IceWeasel browser (or any browser) and view the contents of our copied site to the location on our hard drive. Since we copied the web site to /tmp/webscantest, we simply point our browser there and can view all the content of the website! If we point it to /tmp/webscantest/www.webscantest.com/login.html, we can see that we have an exact copy of the login page!
Conclusion
If you are trying to find information about a particular company for social engineering or trying to spoof a website or login, HTTrack is an excellent tool for both tasks. Many of you have been asking about how to create a clone website for dnsspoof or grab credentials for an Evil Twin, now you have the tool to do so!
Written by: @ismaelwick
0 Comments: