# 1. Perform Social Engineering using tools

## 1. Sniff credentials using SET (Social engineering toolkit)

launch SET

```
sudo su
setoolkit
```

Select social engineering toolkit > website attack vectors > credential harvestor > site cloner

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FP5fCYGuDTA9VPkoRc9Us%2Fimage.png?alt=media&#x26;token=edb9b82b-fe2b-4d20-a779-b70ce412e42f" alt=""><figcaption></figcaption></figure>

As soon as the victim types in his/her **Username** and **Password** and clicks **Login**, **SET** extracts the typed credentials. These can now be used by the attacker to gain unauthorized access to the victim’s account.

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}