Before sending an exploit to a target, it helps to dress it up. Cobalt Strike’s website clone tool can help with this. The website clone tool makes a local copy of a website with some code added to fix links and images so they work as expected.
To clone a website, go to Attacks -> Web Drive-by -> Clone Site.
Figure 28. Website Clone Tool
It’s possible to embed an attack into a cloned site. Write the URL of your attack in the Embed field and Cobalt Strike will add it to the cloned site with an IFRAME. Click the ... button to select one of the running client-side exploits.
To view logged keystrokes or see visitors to your cloned site, go to View -> Web Log.
Check Enable SSL to serve this content over SSL. This option is available when you specify a valid SSL certificate in your Malleable C2 profile. Make sure the Host field matches the CN field of your SSL certificate. This will avoid a situation where this feature fails because of a mismatch between these fields.