bmccutch Posted June 13, 2011 Share Posted June 13, 2011 Hello, I am pretty new with man in the middle attacks but i know how to use arpspoof and stripssl to capture passwords. I was wondering if it was possible to use this to "fake" certain webpages like redirecting them to another page? thanks Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 13, 2011 Share Posted June 13, 2011 yes, DNS spoofing. Or if you are MITM you can do whatever you want. Quote Link to comment Share on other sites More sharing options...
bmccutch Posted June 14, 2011 Author Share Posted June 14, 2011 I looked into dnspoof and did not have much luck getting it to work but i did not have much time to test it out, and i am also getting a wifi pineapple in a few days i was wondering if this was already covered somewhere else? Quote Link to comment Share on other sites More sharing options...
i8igmac Posted June 14, 2011 Share Posted June 14, 2011 (edited) Once you figure out dnspoof, check out SET website cloner with java ap, reverse meterpreter Edited June 14, 2011 by i8igmac Quote Link to comment Share on other sites More sharing options...
bmccutch Posted August 3, 2011 Author Share Posted August 3, 2011 Once you figure out dnspoof, check out SET website cloner with java ap, reverse meterpreter alright ill give that a go sometime, thanks Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 6, 2011 Share Posted August 6, 2011 Hello, I am pretty new with man in the middle attacks but i know how to use arpspoof and stripssl to capture passwords. I was wondering if it was possible to use this to "fake" certain webpages like redirecting them to another page? thanks You can use Cain and Able to redirect victims to other websites, or a fake website if you will. Quote Link to comment Share on other sites More sharing options...
hellonewman Posted August 9, 2011 Share Posted August 9, 2011 Check out SET (social engineering toolkit). Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted August 9, 2011 Share Posted August 9, 2011 Check out SET (social engineering toolkit). Check blog post how to update it. There was an issue with the trunk/branch. http://www.secmaniac.com/august-2011/set-subversion-issues-important-read/ Quote Link to comment Share on other sites More sharing options...
hellonewman Posted August 9, 2011 Share Posted August 9, 2011 Check blog post how to update it. There was an issue with the trunk/branch. http://www.secmaniac.com/august-2011/set-subversion-issues-important-read/ Thanks for sharing. Quote Link to comment Share on other sites More sharing options...
Tombo Posted January 19, 2012 Share Posted January 19, 2012 You can use Cain and Able to redirect victims to other websites, or a fake website if you will. This has interested me greatly! I suppose I would say I'm new to 'hacking' but in all truth I have been playing around with things like cain and abel and SET for about a year with varied results ;) When using SET I've found the most difficult thing to do is push my credential harvester to the target pc; I've had to hit up my IP in their browser when they're not looking etc. How would I use cain and abel (or any other alternate method) to redirect victims to my IP? Cheers, Tombo Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted January 20, 2012 Share Posted January 20, 2012 There's a lot of ways to do that. The victims router could be compromised by relying on a phony DNS server (that you'd create) that would redirect to whatever IP you want for whatever purpose. DNS could be spoofed MITM style on/outside of LAN. ISP/LAN DNS cache could be poisoned. The victims hosts file could be compromised. A browser could be infected. Probably many other ways too. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted January 20, 2012 Share Posted January 20, 2012 (edited) This has interested me greatly! I suppose I would say I'm new to 'hacking' but in all truth I have been playing around with things like cain and abel and SET for about a year with varied results ;) When using SET I've found the most difficult thing to do is push my credential harvester to the target pc; I've had to hit up my IP in their browser when they're not looking etc. How would I use cain and abel (or any other alternate method) to redirect victims to my IP? Cheers, Tombo Edited January 20, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.