Mastering Kali Linux for Web Penetration Testing

Making (then smashing) a mirror with HTTrack

Military operations, sports teams, and business proposal teams operating at their best will rehearse or perfect their tactics and overall strategy against a mock opponent or in an environment that is an authentic copy of what they will be up against. The benefits of this are many, but chief among them is that these rehearsal environments provide a safe place to build confidence and competence without the risk of losing the actual battle, game, or project. In the movie Ocean's Eleven, they actually mocked up a complete copy of the vault they were breaching to rehearse their plan (and more, but I won't spoil the fun if you haven't seen it yet; go rent or stream it if you can). The point is that the more accurate and realistic the simulation, the greater the chance of success when the real deal is happening.

Now that my movie reference is over, think about our role as pen testers. If you can pull down a copy of the HTML, JavaScript, CGI, and CSS code for a full website, hierarchy intact, wouldn't that be a great way to explore the site without tripping alarms at the real target? All of the brainstorming you and your team engage in can now be used on a replica, and because there is no target organization monitoring the dashboard, we can test a bunch of vectors rather than fretting over just one. Beyond the pen test itself, this is also a useful way to create local, travel-ready copies of sites for training, usable without fear of retribution or dependence on actual network connectivity.

These archives can also form the basis of a spoof attack, allowing us to take the actual web pages and modify them before hosting them in a rogue honeypot using the Browser Exploitation Framework (BeEF) or a credential skimmer using the Social Engineering Toolkit (SET).

Several site mirroring utilities such as wget and w3af can create archives, but HTTrack is the most fully featured tool in Kali for building a mirror. You may already use it for basic archives, but with a few tweaks it can do so much more. Let's take a look at some of the most useful CLI options for recon and their equivalent Graphical User Interface (GUI) versions wherever applicable.
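The mirror is explored offline, but building it still means one client fetching most of the site from the real target in a short burst, and that burst is exactly what a defender's log review picks up. The following is an added example, not code from the book, showing how a web administrator would spot a mirroring run in Apache/nginx combined-format access logs: it flags clients whose User-Agent names a mirroring tool (HTTrack's default User-Agent identifies itself, which I treat here as an assumption and mark with a constructed string) and, independently of the User-Agent, clients that request an unusually large number of distinct paths within a short window. The log lines, IP addresses, thresholds and the `find_mirroring` function are all constructed for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Tool names the chapter mentions; matched case-insensitively against the User-Agent.
CRAWLER_MARKERS = ("httrack", "wget", "w3af")


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_mirroring(lines, max_paths=20, window_seconds=60):
    """Return {client_ip: [reasons]} for clients that look like they are mirroring the site.

    Two independent signals:
      1. User-Agent contains a known mirroring/crawling tool name.
      2. More than max_paths distinct paths requested inside any window_seconds span
         (catches a crawler that has spoofed its User-Agent).
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, reqs in by_ip.items():
        reasons = []

        # Signal 1: self-identifying tool in the User-Agent.
        for ua in {r["ua"] for r in reqs}:
            if any(marker in ua.lower() for marker in CRAWLER_MARKERS):
                reasons.append(f"user-agent names a mirroring tool: {ua}")

        # Signal 2: sliding window over distinct paths per client.
        reqs.sort(key=lambda r: r["time"])
        in_window = Counter()
        left = 0
        for right, r in enumerate(reqs):
            in_window[r["path"]] += 1
            while (r["time"] - reqs[left]["time"]).total_seconds() > window_seconds:
                old = reqs[left]["path"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) > max_paths:
                reasons.append(
                    f"{len(in_window)} distinct paths within {window_seconds}s "
                    f"(threshold {max_paths})"
                )
                break

        if reasons:
            findings[ip] = reasons
    return findings


# --- Constructed sample log (not real traffic) --------------------------------
_BASE = datetime(2024, 1, 15, 10, 0, 0, tzinfo=timezone.utc)
_BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"
# Constructed to resemble HTTrack's self-identifying default User-Agent (assumption).
_HTTRACK_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"


def _make_line(ip, seconds, path, ua):
    ts = (_BASE + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


SAMPLE_LOG = (
    # Ordinary visitor: three pages over five minutes.
    [_make_line("198.51.100.7", s, p, _BROWSER_UA)
     for s, p in ((0, "/"), (120, "/about"), (300, "/contact"))]
    # HTTrack run with its default User-Agent: 25 pages in 30 seconds.
    + [_make_line("203.0.113.5", i, f"/docs/page{i}.html", _HTTRACK_UA) for i in range(25)]
    # Crawler hiding behind a browser User-Agent: 30 pages in 30 seconds.
    + [_make_line("192.0.2.9", i, f"/blog/post{i}", _BROWSER_UA) for i in range(30)]
)

if __name__ == "__main__":
    for ip, reasons in find_mirroring(SAMPLE_LOG).items():
        print(ip)
        for reason in reasons:
            print("  -", reason)
```

Running it prints findings for the two crawling clients and nothing for the ordinary visitor. The User-Agent check alone is weak, since HTTrack's agent string is configurable, which is why the distinct-path rate is evaluated separately; in production the thresholds would be tuned against the site's normal traffic, and the same logic can be fed from a log shipper rather than a list of lines.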