Dns Spoofing With Mark Iv

[thestudent]

Let's say that I have a dns spoof running that is redirecting traffic to my facebook.com phishing page. Is it possible once I've grabbed my intended data(username and password) that instead of redirecting to an error page or something like that, that I can use the actual IP address and redirect traffic back to the real website? Or would my dns spoof continuously catch request to that page? I don't think it would because I wouldn't be using a dns server if using the actual IP. Thanks in advance :D .

[Technoprenerd]

Hi thestudent,

I already wondered about that too. I think you will need to edit the error.php page, at the last part where there is javascript saying go back 1 page. That needs to be than the real page.

Client --> Pineapple --> DNS on pineapple --> Redirect to real page after credential grabbing.

I don't know about putting the grabbed credentials into the real page and log the clients in automatically.

Ps: The module Keylogger is being worked on ATM by WhistleMaster. Maybe want to check that out, with the ettercap magic.

Edit:

The Javascript code to go to the real page will only work for one page. So we'll need some PHP code also, to distinguish between pages (I don't know about those codes). Probably with the HTTP_REFERER, and code something around that.

Edited April 13, 2012 by vlek007

[NotTheFed]

it is possible if the realsite you wish has child domains..

http://forums.hak5.org/index.php?showtopic=25892&st=0

look into that... I have many pages that work. SOME times the DNS spoof loops if the target refers back to the parent domain for content..ect

NTF

[skimpniff]

Just use the social engineering toolkit (SET) and don't re-invent the wheel. I talk bout it more in my post here:

http://forums.hak5.org/index.php?showtopic=26845