Social engineering attacks may be considered as a special kind of client-side attacks. In such attacks, the attacker has to convince the user that the attacker is a trustworthy counterpart and is authorized to receive the information the user has.
SET or the Social-Engineer Toolkit (https://www.trustedsec.com/social-engineer-toolkit/) is a set of tools designed to perform attacks against the human element; attacks, such as Spear-phishing, mass e-mails, SMS, rouge wireless access point, malicious websites, infected media, and so on.
In this recipe, we will use SET to create a password harvester web page and look at how it works and how attackers use it to steal a user's passwords.