Social engineering can consist of several methods that you can use.
You may or not have been social engineered by some random person, a spam message or an email that you got saying that you received a price or registering something to win a lottery or something along those lines.

The purpose of social engineering is that the attacker (the one who sent you the message) trying to get information out of you. They may asked you to logged in into some website with your username and password, when in fact, they are recording those data that you inputted, or they are trying to get personal information out of you, for example, your birthday (a common password), your favorite things, or your family members, it could be anything. Whatever method they are using, they are trying to get a password for your account.

You can try and social engineer your friends or acquaintances, try asking them their birthday, or ask them for their password directly, maybe they will give it to you. That is why gaining some personal connection with the one you want to get the information out of is important. You have to gain their recognition or trust for them to be able to reveal their personal information.

In kali linux, there is a tool available that will give you the ability to reveal the password out of someone. There is a tool calles cupp (Common User Password Profiler) when you type cupp -i, you will be given a set of questions that you have to fill out regarding the person that you want to attack (their personal information), such as their names and birthday. After that it will give you a list of passwords that they might have used as their password.

Another tool is called setoolkit. Type setoolkit and it will give you an option of what you want to do. In this case, we are going to try to make a copy of a legitimate website like facebook for them to put their username and password and return that data to us.

It will give you an options of what you want to choose, choose option 1 which is for social engineering. And then choose option 2 for website attack vectors, Then 3 for credential harvester attack method. Since we want to make a copy of a legitimate website, choose option 2 which is for site cloner.

If you don’t have a certain IP address that you want it to use, just let it be empty and enter, it will use the default IP address of your kali linux, if you are not sure of the IP address of your kali linux, you can try to type Ifconfig in the terminal. And then when you are asked about which website you want to clone, you can try with https://www.facebook.com
If it ask you if you want to disable apace, just type Y

After you are done setting up, open your browser or firefox in kali linux, and type your IP address in the search engine. It will show you a copy of the login page of facebook. Try typing a fake username and password, after you pressed log in, try checking your terminal, and you will be able to see the username and password that you typed.

On some version of the setoolkit, you may not be able to see the username or password that you typed, in that case, you can try other website.