Scribd
Upload
61 views6 pages

QR Code Generator

This document outlines the process of creating a QR code that redirects to a phishing page using the Social-Engineer Toolkit (SET) to demonstrate social engineering tactics. It details the steps for generating a QR code for both the original Instagram website and a fake login page to harvest credentials. The assignment concludes by emphasizing the importance of ethical practices in handling captured data.

Uploaded by

umargul6038508
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
61 views6 pages

QR Code Generator

This document outlines the process of creating a QR code that redirects to a phishing page using the Social-Engineer Toolkit (SET) to demonstrate social engineering tactics. It details the steps for generating a QR code for both the original Instagram website and a fake login page to harvest credentials. The assignment concludes by emphasizing the importance of ethical practices in handling captured data.

Uploaded by

umargul6038508
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Assignment #02

QR Code Generator
Mehak Gul(R019)
Techive Society
Cybersecurity
Arsalan Ali(Head)
Contents
Introduction..................................................................................................................................................3
Objective.......................................................................................................................................................3
Tools Used.....................................................................................................................................................3
Step-by-Step Implementation.......................................................................................................................3
Part 1: Generating the QR Code of the Original Website (Instagram).......................................................
Part 2: Creating a Fake Login Page to Harvest Credentials........................................................................
Conclusion.....................................................................................................................................................6
Introduction
The act of manipulating a person to take any action that may or may not be in the target’s best
interest is called Social Engineering. By using SET, we host a fake login page to manipulate a
user and harvest their credentials. This document outlines the process of creating a QR code that
redirects to a simulated phishing page using the Social-Engineer Toolkit (SET).

Objective
The objective is to understand and demonstrate social engineering tactics, including how a fake
website is created, hosted, and used to gather information.

Tools Used
• Operating System: Kali Linux (Virtual Machine)
• Tool: Social-Engineer Toolkit (SET)

Step-by-Step Implementation
Part 1: Generating the QR Code of the Original Website (Instagram)

1. I opened the terminal and launched SET:


o sudo setoolkit
2. From the SET main menu, I selected Social-Engineering Attacks (Option 1).
3. I chose QR Code Generator (Option 8).
4. I entered the URL of the target website ([Link]
5. SET generated a QR code linking to URL.
Part 2: Creating a Fake Login Page to Harvest Credentials

Step 1: Creating the Fake Login Page

1. I opened the terminal and launched SET:


o sudo setoolkit
2. I selected Social-Engineering Attacks (Option 1).
3. I chose Website Attack Vectors (Option 2).
4. Then, I selected Credential Harvester Attack Method (Option 3).
5. I chose Site Cloner (Option 2) and input the target website URL
([Link]
6. I entered the local IP address (e.g., [Link]) for hosting the phishing page.
7. The system started generating and hosting the fake login page on the local machine (Kali).

Step 2: Generating the QR Code for the Fake Login Page

1. I opened the terminal and launched SET:


o sudo setoolkit
2. From the SET main menu, I selected Social-Engineering
Attacks (Option 1).
3. I chose QR Code Generator (Option 8).
4. I entered the URL of the fake login page ([Link]
5. SET generated a QR code linking to this URL.
Figure 1:Fake Login

Step 3: Testing the Cloned Instagram Login Page

1. I scanned the QR code that directed me to the hosted phishing page URL
([Link] in the browser.
2. The cloned Instagram login page appeared.
3. I entered dummy credentials for testing purposes (testuser@[Link] / Test@1234).

4. In the Kali Linux terminal, where SET was running, the credentials were captured.
5. The captured credentials were displayed in real-time within SET.

6. At the end, logs were also stored:


o File in XML format exported to: /root/.set/reports/2025-02-03
[Link].[Link]
o Ensure that any stored credentials are deleted after testing to maintain ethical
security practices.
Step 4: Distribution of the QR Code

Now, distribute this QR code to the target audience through posters, reels, ads, emails, and
various other methods.

Conclusion
This assignment successfully demonstrated the process of phishing simulation using SET,
including generating a QR code for social engineering attacks.

You might also like