redirecting an ip request to an ip on the LAN

[wrussprince]

The title states it all.

I'm using Kali Linux (i do have a Pineapple if it would make it easier) and i would like for when someone types in www.Football.com (for example) on my LAN, that they be redirected to an ip address that i have set up in my local network.

I can redirect all traffic on the local network. I'm just not sure how to redirect only traffic that has key words in their DNS, google search, or etc

I'm still learning, but i have come a long way over the last year; and i think i'm ready for the next level. i just need help being pointed in the right direction, or perhaps i need to learn how to use an application in Kali or on the pineapple. I feel as if i'm not be looking in the right areas to find the answers i seek.

Any help would be great.

Thanks again,

Wrussprince

[GuardMoony]

First of all post in the right place.

2nd is it just full/subdns names? or is it like everything with the word "foot" in the dnsname needs to be redirected?

case 1 just run a dns server for the lan ?

case 2 probaly gone need a proxy to filter this stuff ? ( case 1 can also be done by this, but is more work if its only a few DNS names )

[wrussprince]

i'm new at this and i never seem to be able to ask any questions in the right place. I hope to improve in that in the near future.

i had hoped to only redirect when the request was "www.football.com". i don't want it to redirect if the request would be "www.football.gov" or foot in the name and etc. I want the request to be a true request for that site. And redirect it to an ip address on the LAN/subnet……..i just want to be listening/searching for that DNS request(www.football.com); when it is detected, the attack will redirect to the an ip address on the local network.

I can redirect all traffic on a local network, but not sure how to be selective in the process.

I will read over "proxy to filter" tomorrow. thanks for your help.

I'm sorry about the location of this post.

cheers

[ctrain]

You can redirect the dns queries by addeding a static dns entry in your routers dns settings for www.football.com -> 192.168.?.? depending upon your redirected computers IP address.

Also if your router does not support static dns entries you can install bindns server to your kali linux machine and create a caching dns server with some static entries. You will have to alter the dhcp settings on the router to tell the clients that the dns server is now the ip of the kali linux computer. Guides for creating a bindns server can be found from a basic google search.

Hope this helps.

[vector]

you should look into a fun little tool called dnschef.

[digip]

DNS redirects for full domain names is one thing, which could be done using a local DNS server, but words they search for would need something a bit more intrusive like a proxy or deep packet inspection / firewall to filter things. Squid I believe can do keyword filtering, but it might be even easier if you set the home router to OpenDNS and then sign up with a free account, and add words you want to filter and block people from accessing, like kids trying to search xxx in google. If its done over https though, you'd need to be able to serve your own certificates to intercept and read traffic since that would all be encrypted and you wouldn't be able to see what people are searching for.

modem -> IPS/IDS/DNS/Firewall/Proxy box doing deep packet inspection and redirects with two nics, one to modem, one to gateway/router/switch -> router/switch -> lan nodes

That is the way I would set it up. Not exactly sure how or what to use, but thats how I see it in my head.