What Is HTTrack?
HTTrack is an easily deployable utility that takes any website from the internet and downloads a copy of it to a local directory on your hard drive.
The tool constructs recursively every directory, obtains HTML/images, and looks for valuable information on the website that could be beneficial for penetration testers.
Notably, HTTrack organizes the original website’s relative link-structure which is extremely useful for the observer.
By default, Kali Linux does not include the HTTrack tool. Nonetheless, downloading and installing HTTrack is relatively easy as it is already included in the Kali repository.
HTTrack supports both Windows and Linux operating systems. For this tutorial, we will be illustrating the Linux version.
In this tutorial, we will show how a hacker can spoof a Yahoo/Gmail login page using HTTrack which they could ultimately utilize to snatch user credentials in a spear phishing campaign.
1. Installing HTTrack
In Kali Linux, open a terminal window and type in the subsequent command to install HTTrack:
root@1337pwn:~# apt-get install httrack
2. Run The Help Command For HTTrack To See If Installation Was Successful
If HTTrack was installed successfully in Kali Linux, you should be able to run the subsequent help command in the terminal:
root@1337pwn:~# httrack --help
We can see the usage as follows:
root@1337pwn:~# httrack [Any parameters] URL Filter -O <Location On Computer To Send Duplicate To>
Therefore, using utilizing HTTrack requires us to point it at the website we are interested in copying.
3. Copy All Pages Of A Website
When using the -O parameter, we will want to also direct the parameter to a directory located on our computer’s hard drive in order to save the website.
We will direct HTTrack to copy the Yahoo login page by entering the subsequent command:
root@1337pwn:~# httrack https://login.yahoo.com -O /tmp/yahoo
We can see that HTTrack has successfully made a copy of every web page of the Yahoo login site on our computer’s hard drive.
If you wanted to copy the Google accounts login page or signup page, you could enter the following command to copy the Google accounts web contents:
root@1337pwn:~# httrack https://accounts.google.com -O /tmp/accountsgoogle
4. Examine The Directory For Contents Of Our Duplicated Yahoo Site
At this stage, we have successfully copied the entire login site to our computer’s hard drive. To view the contents of the duplicated site, proceed by opening a web browser and pointing it to the directory where we instructed HTTrack to save the copied site’s contents.
To view the contents in the folder, we will point our web browser to:
To view the exact duplicate of the Yahoo login page, we can point our web browser to:
We could explore other folders/files like the account folder in:
We can see that there are various HTML files, including one which looks exactly like the real Yahoo signup form:
5. Edit The HTML File
You could edit the HTML files accordingly.
We have illustrated how easy it is for anyone to copy the contents of a website. A security professional could utilize this knowledge to train their company’s staff in responding accordingly to spear phishing attempts.
Kali Linux also has a tool called Hydra which is useful for hackers that are interested in brute-forcing email accounts.