Kali Linux Tutorial - Httrack Website copier

In order to see any points of vulnerabilities for either offensive or defensive measures , you have to be able to poke it , slice it ,dice it and be able to see its internals in your own controlled environment. HTTrack is one of the tools that enables you to do so. It enables you to mirror or copy the site of your request to your own local computer , which enables you to experiment as you want it with it .The good thing with it is that it also preserves the actual structure of the whole website . Let me breakdown the whole usage of the tool.

Oh ,before that , If you are using any other distro other than Kali Linux , you will have to check whether the tool is installed in your computer or not. From now onwards I will mention the command that installs the tool (for Debian Linux) at the starting itself . For now , here is the command :
sudo apt-get install httrack
Other than the most obvious way to use it , it also has a wizard mode , which greatly simplifies the whole process.

httrack working

Let me explain how to use the wizard first . The wizard can be invoked by just typing “httrack” without any options. Then it will ask to enter a name for your project . Just name it anything , the name doesn’t really matter, but the name should be sensible in the least. Then it will ask you to enter a base path. The websites will be saved at this directory . If you want, make a new directory for it and assign its path as base path. After that it will ask you enter the website URL .Just enter the URL and press enter .Now you will get a menu with different option . The option that we will be using is 2 . After selecting the option , the tool will go to work and that’s it .

But if you want to   make use of advanced options like tunneling the whole process using a  proxy , the wizard wont do . Then you will have to tackle the command line head on . The general format is :
httrack [url] [options]

There are numerous options that can be used to achieve various results , but the ones that’s important to us are listed
O   :-path for mirror/logfiles+cache (-O path_mirror[,path_cache_and_logfiles]) (–path )
P   :-proxy use (-P proxy:port or -P user:pass@proxy:port) (–proxy )
W  :-mirror web sites, semi-automatic (asks questions) (–mirror-wizard)
cN  :-number of multiple connections (*c8) (–sockets[=N])
TN :-timeout, number of seconds after a non-responding link is shutdown (–timeout)
RN :-number of retries, in case of timeout or non-fatal errors (*R1) (–retries[=N])
%v :-display on screen filenames downloaded (in realtime) (–display)
Q    :-no log – quiet mode (–do-not-log)
q    :-no questions – quiet mode (–quiet)
z     :-log – extra infos (–extra-log)
I *  :-make an index (I0 don’t make) (–index)
%I  :- make an searchable index for this mirror (* %I0 don’t make) (–search-index)

A typical httrack command will be as given below . It just mirrors the website ‘www.securethelock.com’ to /websites/secure directory and it will also display the filenames being downloaded on the screen.
httrack www.securethelock.com -W -O “/websites/secure” -v% *

I hope you guys understood all that . Well , this tool will be essential in some of our comming scenes especially he one about phishing . Always remember ‘Practice makes perfect.’  , so practice , practice , practice . Also don’t be afraid to experiment on your own .

If you want any help, do comment down.


Post a Comment