Jump to content

Recommended Posts

Posted

Let's say that I have a dns spoof running that is redirecting traffic to my facebook.com phishing page. Is it possible once I've grabbed my intended data(username and password) that instead of redirecting to an error page or something like that, that I can use the actual IP address and redirect traffic back to the real website? Or would my dns spoof continuously catch request to that page? I don't think it would because I wouldn't be using a dns server if using the actual IP. Thanks in advance :D .

Posted (edited)

Hi thestudent,

I already wondered about that too. I think you will need to edit the error.php page, at the last part where there is javascript saying go back 1 page. That needs to be than the real page.

Client --> Pineapple --> DNS on pineapple --> Redirect to real page after credential grabbing.

I don't know about putting the grabbed credentials into the real page and log the clients in automatically.

Ps: The module Keylogger is being worked on ATM by WhistleMaster. Maybe want to check that out, with the ettercap magic.

Edit:

The Javascript code to go to the real page will only work for one page. So we'll need some PHP code also, to distinguish between pages (I don't know about those codes). Probably with the HTTP_REFERER, and code something around that.

Edited by vlek007
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...