Social engineering campaigns can be a lot more effective if you can impersonate a well-known website that users trust. However, when you simply clone a website by cutting-and-pasting the page source and putting it on your own server, your links will stop working. Copying all links and images from the other site can be cumbersome, but there's an alternative: the HTML <base> tag. It specifies a default address/target for all links on a page; it is inserted into the head element.

Let's say you've just cloned a page from the website http://www.example.com. Initially, all images will be broken. Once you drop this little line into the header section of your page, they will appear like on the original page - and all relative links will work as well:

<base href="http://www.example.com/" />

Please note that it may be illegal to clone a website if you don't have the website owner's consent. Also, you need to have permission before you launch an engineering attack, usually from the organization who's employees you are auditing.

Please share any other helpful social engineering tips in the comments section below. If you'd like to try out web-based social engineering attacks, download a free trial of Metasploit Pro.