BeEF – Pretty Theft

Now let's have a look at a Social Engineering plugin that lets us steal usernames and passwords for accounts. It dims the screen and tells the person that they have been logged out of their session, so they need to log in again to be authenticated. This lets us bypass HTTPS, HSTS and all the other security used by the target account page. For example, if we are trying to get Facebook usernames and passwords, we can bypass all the security that Facebook uses, because we are only showing a fake Facebook page, so the user never actually makes contact with Facebook. Let's click on Pretty Theft, which opens its tab:

In the preceding screenshot, we can pick which account we want to hijack. Let's say we're going with Facebook. We can also select what the Backlight will be; we'll leave that as Grey and then hit Execute.

When we go to our target, we can see that they are told they have been logged out of their session and need to log in again with their username and password:

Enter the username as zaid and the password as 12345, then hit Log in:

If we go back to the Terminal, we can see that we got the username zaid and the password 12345:

We can use this to hijack a number of accounts. Let's look at another example: if we go with YouTube and hit Execute:

On the target screen, we see the YouTube logo and a login prompt. Enter a username and password, click Sign In, and the credentials will be captured:

So, again, this is a really good way to gain access to accounts: even if the user was not planning to log into the account we are trying to steal, we more or less force them to enter their username and password to get logged back in, and then we capture both.
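The prompt described above never leaves the hooked page: the address bar still shows the real site, the form is drawn over the existing page after it has loaded, and the credentials go to the hooking server rather than to the site's own login endpoint. That shape is also what a defender can look for. The following is an added example, not code from the book or from the BeEF project: a page-side audit in JavaScript that flags password prompts which appear after load, sit in a fixed full-viewport overlay, or would send credentials to no navigation target or to a foreign origin. The page origin, the list of known login paths and the sample forms are constructed assumptions.

```javascript
// Added example (not from the book or from BeEF): flag credential prompts with
// the shape of a DOM-injected "you were logged out" overlay.
const PAGE_ORIGIN = 'https://social.example';            // hypothetical protected site
const KNOWN_LOGIN_PATHS = ['/login', '/auth/login'];     // hypothetical genuine login routes

// A form descriptor is plain data so the logic runs in Node as well as a browser;
// describeForm() below builds one from a live <form> element.
function auditForm(form, pageOrigin = PAGE_ORIGIN) {
  if (!form.hasPassword) return { suspicious: false, reasons: [] };
  const hard = []; // any one of these is enough to flag the form
  const soft = []; // individually common, suspicious in combination
  const origin = new URL(pageOrigin).origin;

  // An empty action or "#" navigates nowhere: the values are handed to script
  // instead of going to the site's login endpoint.
  const action = form.action && form.action !== '#' ? new URL(form.action, pageOrigin) : null;
  if (action === null) {
    soft.push('password field with no navigation target (script-handled submit)');
  } else {
    if (action.origin !== origin) hard.push(`submits credentials to foreign origin ${action.origin}`);
    if (action.protocol !== 'https:') hard.push('submits credentials over plaintext HTTP');
    if (action.origin === origin && !KNOWN_LOGIN_PATHS.includes(action.pathname)) {
      soft.push(`submits to unexpected path ${action.pathname}`);
    }
  }
  if (form.insertedAfterLoad) soft.push('login form appeared after the page had loaded');
  if (form.coversViewport) soft.push('login form sits in a fixed full-viewport overlay');

  return { suspicious: hard.length > 0 || soft.length >= 2, reasons: [...hard, ...soft] };
}

// Browser side: turn a <form> into a descriptor. The dimming overlay is usually
// an ancestor of the form, so walk up looking for a fixed element that covers
// (almost) the whole viewport.
function describeForm(formEl, insertedAfterLoad) {
  let coversViewport = false;
  for (let el = formEl; el && el !== document.body; el = el.parentElement) {
    const s = getComputedStyle(el);
    const r = el.getBoundingClientRect();
    if (s.position === 'fixed' && r.width >= innerWidth * 0.9 && r.height >= innerHeight * 0.9) {
      coversViewport = true;
      break;
    }
  }
  return {
    action: formEl.getAttribute('action') || '',
    hasPassword: formEl.querySelector('input[type="password"]') !== null,
    insertedAfterLoad,
    coversViewport,
  };
}

// Browser side: audit every form inserted after this watcher starts.
// Returns null under Node, where there is no document to observe.
function watchForInjectedLogins(onSuspicious) {
  if (typeof document === 'undefined') return null;
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (!(node instanceof Element)) continue;
        const forms = node.matches('form') ? [node] : Array.from(node.querySelectorAll('form'));
        for (const f of forms) {
          const verdict = auditForm(describeForm(f, true), location.origin);
          if (verdict.suspicious) onSuspicious(f, verdict);
        }
      }
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed samples: the site's own login form and an injected overlay prompt.
const GENUINE_LOGIN = { action: '/login', hasPassword: true, insertedAfterLoad: false, coversViewport: false };
const INJECTED_PROMPT = { action: '#', hasPassword: true, insertedAfterLoad: true, coversViewport: true };

if (typeof require !== 'undefined' && require.main === module) {
  console.log('genuine :', auditForm(GENUINE_LOGIN));
  console.log('injected:', auditForm(INJECTED_PROMPT));
}
```

The server-side counterpart is a Content-Security-Policy whose `script-src` does not admit the hooking origin (and no `'unsafe-inline'`), with `form-action 'self'` and `connect-src 'self'` so that credentials typed into any form on the page cannot be posted elsewhere. The user-facing tell is the same one the audit encodes: a genuine session expiry navigates to the site's login page, whereas this prompt is a dialog drawn over the page the user was already on.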
