Is Java applet trick from the Social Engineer Tookit now totally dead?

**larry_man** · 2014-05-08

According to the videos I've seen from TrustedSec, the most successful part of the Social Engineer Toolkit (SET) was the Java applet which, when run, opened a shell (e.g. Meterpreter). However, having just installed and updated SET, it would appear that Java no longer permits self-signed certificates to run.

See: http://bayimg.com/IAoDoaAfb

Although the screenshot says, "your security settings have blocked a self-signed applet from running", I was using Firefox (in a VM) with no additional security additions (e.g. NoScript).

According to Oracle, this has been the case since Java update 51 (https://www.java.com/en/download/help/java_blocked.xml). We are now on update 55.

The Java page says:

Self-signed application (Certificate not from trusted authority)
An application with self-signed certificate is blocked by default. Applications of this type present the highest level of risk because publisher is not identified and the application may be granted access to personal data on your computer.

Is the Java applet social engineering technique now dead?

Thread: Is Java applet trick from the Social Engineer Tookit now totally dead?

Thread Tools

Search Thread

Display

Is Java applet trick from the Social Engineer Tookit now totally dead?

Similar Threads

SSL error when trying to a Java applet social engineering attack on LAN PC.

Posting Permissions