Need Better Dnsspoof

[AussieKlutz]

I have been trying to configure dnsspoof to provide one ip on a global wildcard and another for a specific domain.

I tried with a config of:

172.16.42.1 *

172.16.42.208 example.com

thinking it would fall through. After a bunch of testing and finding dnsspoof.c, it appears that a wildcard overwrites all.

I am not very well versed at c++, but I think a new dnsspoof is needed that will provide the ip for the first match only, enable blacklisting on ip's and mac's of clients (so you can still get online) and of domains.

What do you guys reckon? Am I missing something? Does a better dnsspoof already exist?

Here is the source I found:

http://www.koders.com/c/fid68F234C7F4AC49441E468F645E43ABB3C8665B65.aspx

[PineDominator]

I was wondering about using iptable rules to dnsspoof if that is at all possible? I was thinking insteas of redirecting everyone on the pineapple do it on a per client bassis. maybe a module that controls it.

I wonder if that would do what your looking for?

[Infiltrator]

That would be an interesting project, plus I don't think the current DNS-Spoofing utility does what you are after.

[sober]

would be interesting to see if you can assign ips a "host file" as it were that takes precedence over the standard, something i will look into another time when its not 2 am.

/etc/dsniff/dnsspoof.hosts --> Sample hosts file.[4] If no hostfile is specified, replies will forged for all address queries on the LAN with an answer of the local machine’s IP address.

never played with dns sniff, will in the morning, but perhaps there is a way to have multiple host files, and to specify specific clients access via mac or ip

basic command

# dnsspoof -f spoofhosts.txt host 192.168.1.245 and udp port 53

could you do something like

# dnsspoof -f 1.txt host (client 1 ip) and udp port 53

# dnsspoof -f 2.txt host (client 2 ip) and udp port 53

something like that?

i get the following from this article

http://tournasdimitr...spoof-on-linux/

which makes me think you could in theory craft multiple host files and manually assign to targets.

edit: guess this post more for peter then op lol, the question interested me and its something i would want

Edited August 10, 2012 by sober

[AussieKlutz]

I suppose I've gotten used to other tools which either:

Fall through a rule set until a match is found then quit,

or

Go through the rules and apply the last one that matches.

Dnsspoof seems to do the latter, (created multiple rules for the same domain, and the last ip was returned from nslookup against the pineapple) however it also places global wildcards [172.16.42.1 *] of higher precedence than all other rules, meaning you cannot override a global wildcard.

The only method i've found so far to make it work is to make a wildcard for each tld. They dont appear to take precedence over more specific rules then.

Edited August 10, 2012 by AussieKlutz

[Neworld]

Hmmm.... Try putting "172.16.42.1 *example.com" before "172.16.42.1 * "

It seems the first one over rules the second, this may solve your problem...

Should look like this

172.16.42.1 *example.com
172.16.42.1 *
[/CODE]

See if that works... and if you want to add more exceptions then just put those before "172.16.42.1 * " as well.

Report back please :D

Edited August 10, 2012 by Neworld

[01000010]

Isnt the pineapple running dnsmasq as a dns nameserver? If that is the case could we just add it to the hosts file since we control the router?

Edited August 10, 2012 by leapole

[AussieKlutz]

#Neworld I have tried that one. If you write several rules that match your target domain, it is the last rule that returns... EXCEPT when you use a global wildcard.

1.1.1.1 1.com

2.2.2.2 *.1.com

3.3.3.3 *.com

4.4.4.4 *.1.com

5.5.5.5 1.com

returns 3.3.3.3 no matter what

leapole thats a good workaround, however I think I'll have a go re-implementing dnsspoof anyway. I could add more functionality then.