How do Hackers Clone Any Website Using HTTrack

HTTrack takes any website and makes a copy to your hard drive. This can be useful for searching for data on the website offline such as email addresses, information useful for social engineering, hidden password files (believe me, I have found a few), intellectual property, or maybe replicating a login page for an Evil Twin site to capture login credentials.

Unfortunately, HTTrack is not included in Kali so we will need to download and install it. Fortunately, though, it is included in the Kali repository, so all we need to do is open the software repository and download and install it.

HTTrack comes in both a Windows and a Linux version. For those of you who refuse to take off the training wheels, you can download and install HTTrack for Windows on its website.

Step 1: Download & Install HTTrack

From Kali, we need to navigate to “System Tools” and then “Add/Remove Software,” like in the screenshot below.

That will open a screen like the one below. Notice the window in the upper left-hand corner next to the “Find” button. Enter “httrack” there and it will find the packages you need to install HTTrack.

Step 2: Use HTTrack

Now that we have installed HTTrack, let’s start by looking at the help file for HTTrack. When you downloaded and installed HTTrack, it placed it in the /usr/bin directory, so it should be accessible from any directory in Kali as /usr/bin is in the PATH variable. Let’s type:

kali > httrack –help

I’ve highlighted the key syntax line in the screenshot above. The basic syntax is the following, where -O stands for “output.” This switch tells HTTrack where to send the website to.

kali > httrack <the URL of the site> [any options] URL Filter -O <location to send copy to>

Using HTTrack is fairly simple. We need only point it at the website we want to copy and then direct the output (-O) to a directory on our hard drive where we want to store the website. One caution here, though. Some sites are HUGE. If you tried to copy Facebook to your hard drive, I can guarantee you that you do not have enough drive space, so start small.

Step 3: Test HTTrack

In an earlier tutorial on hacking MySQL databases behind websites (MySQL is the most widely used database backend behind websites), we used a website that we could hack with impunity called webscantest.com. Let’s try to make a copy of that site to our hard drive.

kali > httrack http://www.webscantest.com -O /tmp/webscantest

As you can see, we successfully made a copy of all the pages of this site on our hard drive.