AussieKlutz Posted August 10, 2012

I have been trying to configure dnsspoof to provide one IP on a global wildcard and another for a specific domain. I tried with a config of:

    172.16.42.1 *
    172.16.42.208 example.com

thinking it would fall through. After a bunch of testing and finding dnsspoof.c, it appears that a wildcard overwrites all.

I am not very well versed at c++, but I think a new dnsspoof is needed that will provide the IP for the first match only, enable blacklisting on IPs and MACs of clients (so you can still get online) and of domains.

What do you guys reckon? Am I missing something? Does a better dnsspoof already exist?

Here is the source I found: http://www.koders.com/c/fid68F234C7F4AC49441E468F645E43ABB3C8665B65.aspx

PineDominator Posted August 10, 2012

I was wondering about using iptables rules to dnsspoof, if that is at all possible? I was thinking instead of redirecting everyone on the pineapple, do it on a per-client basis. Maybe a module that controls it. I wonder if that would do what you're looking for?

Infiltrator Posted August 10, 2012

That would be an interesting project, plus I don't think the current DNS-Spoofing utility does what you are after.

sober Posted August 10, 2012 (edited)

Would be interesting to see if you can assign IPs a "host file" as it were that takes precedence over the standard, something I will look into another time when it's not 2 am.

    /etc/dsniff/dnsspoof.hosts --> Sample hosts file.[4] If no hostfile is specified, replies will be forged for all address queries on the LAN with an answer of the local machine's IP address.

Never played with dns sniff, will in the morning, but perhaps there is a way to have multiple host files, and to specify specific clients' access via MAC or IP.

Basic command:

    # dnsspoof -f spoofhosts.txt host 192.168.1.245 and udp port 53

Could you do something like

    # dnsspoof -f 1.txt host (client 1 ip) and udp port 53
    # dnsspoof -f 2.txt host (client 2 ip) and udp port 53

Something like that? I get the following from this article http://tournasdimitr...spoof-on-linux/ which makes me think you could in theory craft multiple host files and manually assign them to targets.

Edit: guess this post is more for peter than op lol, the question interested me and it's something I would want.

AussieKlutz (Author) Posted August 10, 2012 (edited)

I suppose I've gotten used to other tools which either fall through a rule set until a match is found then quit, or go through the rules and apply the last one that matches.

Dnsspoof seems to do the latter (created multiple rules for the same domain, and the last IP was returned from nslookup against the pineapple); however, it also places global wildcards [172.16.42.1 *] at higher precedence than all other rules, meaning you cannot override a global wildcard.

The only method I've found so far to make it work is to make a wildcard for each TLD. They don't appear to take precedence over more specific rules then.

Neworld Posted August 10, 2012 (edited)

Hmmm.... Try putting "172.16.42.1 *example.com" before "172.16.42.1 * ". It seems the first one overrules the second; this may solve your problem...

Should look like this:

    172.16.42.1 *example.com
    172.16.42.1 *

See if that works... and if you want to add more exceptions then just put those before "172.16.42.1 * " as well.

Report back please :D

01000010 Posted August 10, 2012 (edited by leapole)

Isn't the pineapple running dnsmasq as a DNS nameserver? If that is the case, could we just add it to the hosts file since we control the router?

AussieKlutz (Author) Posted August 11, 2012

#Neworld I have tried that one. If you write several rules that match your target domain, it is the last rule that returns... EXCEPT when you use a global wildcard.

    1.1.1.1 1.com
    2.2.2.2 *.1.com
    3.3.3.3 *.com
    4.4.4.4 *.1.com
    5.5.5.5 1.com

returns 3.3.3.3 no matter what.

leapole, that's a good workaround; however, I think I'll have a go at re-implementing dnsspoof anyway. I could add more functionality then.

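Added example, not part of any post in the thread and not dnsspoof's code: the three rule-precedence policies discussed above (first match, last match, most specific pattern), evaluated over the rule lists quoted in the posts. Shell-style glob matching via Python's `fnmatch` and the function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Rule lists copied from the posts above, in file order: (answer IP, name pattern).
THREAD_RULES = [
    ("1.1.1.1", "1.com"),
    ("2.2.2.2", "*.1.com"),
    ("3.3.3.3", "*.com"),
    ("4.4.4.4", "*.1.com"),
    ("5.5.5.5", "1.com"),
]
WILDCARD_RULES = [
    ("172.16.42.1", "*"),
    ("172.16.42.208", "example.com"),
]


def hits(rules, name):
    """Rules whose pattern matches name, in file order (assumed shell-style globbing)."""
    # DNS names compare case-insensitively; drop the trailing root dot.
    name = name.lower().rstrip(".")
    return [(ip, pat) for ip, pat in rules if fnmatchcase(name, pat.lower())]


def first_match(rules, name):
    found = hits(rules, name)
    return found[0][0] if found else None


def last_match(rules, name):
    found = hits(rules, name)
    return found[-1][0] if found else None


def most_specific(rules, name):
    """Prefer the pattern with the most literal characters; ties go to the earlier rule."""
    found = hits(rules, name)
    if not found:
        return None
    return max(found, key=lambda rule: len(rule[1].replace("*", "")))[0]


if __name__ == "__main__":
    for rules, name in [(THREAD_RULES, "1.com"), (THREAD_RULES, "www.1.com"),
                        (WILDCARD_RULES, "example.com"), (WILDCARD_RULES, "other.org")]:
        print(name, first_match(rules, name), last_match(rules, name),
              most_specific(rules, name))
```

For `1.com`, none of the three policies yields the 3.3.3.3 answer reported for that rule list, which is consistent with the observation that the wildcard rule is being treated specially rather than by file order.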