Andrei0427 Posted March 6, 2012 Share Posted March 6, 2012 (edited) I was playing around with a phishing script I had made some time ago with PHP and noticed that the www.facebook.com AND facebook.com are treated differently with ettercap's DNS_SPOOF filter. So I setup the script to forward to www.facebook.com whist having the DNS spoofed on facebook.com only. This will cause an automatic redirection to the user's real profile. This only works if the victim types "facebook.com" in the address bar, so the probability of this working is slightly slimmed down. Obviously this will only work if the user has a 'remember me' ticked on the computer beforehand, which is mostly the case. Heres a vid. demo.. I can post the source/method here upon request :) Edited March 6, 2012 by Andrei0427 Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.