
DNS spoof not spoofing the DNSes


barry99705


Weird. At the moment I have everything forwarding to bing, cause I'm evil like that and it's still not working. Checked the file with nano and it's good, no ^M's anywhere. Even reset to stock again, just to be sure, still no joy. Seb's flying home, so I'm sure he'll check up on it once he gets back to normal.

Link to comment
Share on other sites


That *is* evil! ;)

Sounds like something is flaky anyhow. I didn't use any wild cards in my entries and at least the redirect happened, so maybe there's a clue there, but yeah, looking forward to seb solving the mystery for sure. :)

Link to comment
Share on other sites

Hey, any solution to this one yet? Well, I figured out that if you use the web UI to start DNSSPOOF then the following starts:

Screen_Shot_2013_10_24_at_06_17_40.png

But my master mode wlan0 should be set in the dnsspoof interface. When I try to run through the command line:

dnsspoof -i wlan0 -f /etc/pineapple/spoofhost

it seems to work, but then it fails again. Any idea what should be done?

Link to comment
Share on other sites


+1 Here as well. It works the first time, then doesn't work on any subsequent requests. Wondering if the real IP is being cached. Started up my Fedora box and pointed my DNS to the Pineapple and no other. I then made up a website I never accessed; testtest.com. It worked the first time, then the second time it went to the real website.

Link to comment
Share on other sites
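Added example, not part of the thread: dnsspoof forges replies to queries it sniffs and does not stop those queries from reaching the real resolver, so a client can receive two replies to one query that disagree. The sketch below flags that pattern in already-parsed response records; the record layout, the client addresses and the 203.0.113.x / 198.51.100.x answers are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (client, DNS transaction id, query name, answer addresses)
SAMPLE_RESPONSES = [
    ("172.16.42.50", 0x1A2B, "testtest.com.", ("172.16.42.1",)),
    ("172.16.42.50", 0x1A2B, "testtest.com.", ("203.0.113.10",)),
    ("172.16.42.50", 0x3C4D, "example.org.", ("198.51.100.7",)),
    ("172.16.42.50", 0x3C4D, "example.org.", ("198.51.100.7",)),  # plain retransmit
    ("172.16.42.51", 0x1A2B, "testtest.com.", ("203.0.113.10",)),
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True when addr lies in private IPv4 space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_conflicts(responses):
    """Report queries that drew more than one distinct answer set.

    Responses are grouped by (client, transaction id, query name); identical
    retransmissions are ignored, disagreeing answers are reported.
    """
    distinct = defaultdict(list)
    for client, txid, qname, answers in responses:
        key = (client, txid, qname.rstrip(".").lower())
        answer_set = frozenset(answers)
        if answer_set not in distinct[key]:
            distinct[key].append(answer_set)

    findings = []
    for (client, txid, qname), sets in distinct.items():
        if len(sets) > 1:
            findings.append({
                "client": client,
                "txid": txid,
                "qname": qname,
                "answer_sets": [sorted(s) for s in sets],
                # a private address answering for a public name is the stronger signal
                "rfc1918_answers": sorted(a for s in sets for a in s if is_rfc1918(a)),
            })
    return findings
```
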

Bumpity bump.

Seb? Darren?

Can either of you weigh in on this issue? It seems there is definitely something amiss with DNSspoof beyond fixing the built-in editor (a la the MKIV issue) to stop inserting ^M at the end of each line when saving an edited .conf file.

I'm out of ideas on this one.

Link to comment
Share on other sites

I am connected on my desktop to the new WiFi Pineapple Mark 5's wifi - the Mark 5 is connected to my laptop.
DNS Spoof isn't working (I previously made a thread about this but got moved over here).
If you read my last thread, I mentioned that all I changed on this new Mark 5 was the redirect.php, which I had done and used on the Mark 4 without any problems.
I also checked the spoofhost for any extra characters and there are none.

While connected to the Pineapple's wifi I can surf the web without any issue whatsoever; dnsspoof is turned on but does not redirect pages.

Opening up a terminal and pinging a non-spoofed website says:

systemcrash86@SystemCrash86:~$ ping www.google.com
PING www.google.com (31.55.167.217) 56(84) bytes of data.
64 bytes from 31.55.167.217: icmp_seq=1 ttl=57 time=23.9 ms
From 172.16.42.1: icmp_seq=2 Redirect Host(New nexthop: 172.16.42.42)
From 172.16.42.1 icmp_seq=2 Redirect Host64 bytes from 31.55.167.217: icmp_seq=2 ttl=57 time=22.5 ms
From 172.16.42.1 icmp_seq=3 Redirect HostFrom 172.16.42.1: icmp_seq=3 Redirect Host(New nexthop: 172.16.42.42)
From 172.16.42.1 icmp_seq=4 Redirect Host64 bytes from 31.55.167.217: icmp_seq=3 ttl=57 time=22.5 ms
From 172.16.42.1 icmp_seq=5 Redirect HostFrom Pineapple.lan (172.16.42.1): icmp_seq=4 Redirect Host(New nexthop: 172.16.42.42)
From 172.16.42.1 icmp_seq=6 Redirect Host64 bytes from 31.55.167.217: icmp_seq=4 ttl=57 time=22.6 ms
From 172.16.42.1 icmp_seq=7 Redirect HostFrom 172.16.42.1: icmp_seq=5 Redirect Host(New nexthop: 172.16.42.42)
^CFrom 172.16.42.1 icmp_seq=8 Redirect Host
--- www.google.com ping statistics ---
8 packets transmitted, 4 received, +7 errors, 50% packet loss, time 75279ms
rtt min/avg/max/mdev = 22.543/22.929/23.974/0.632 ms, pipe 4
systemcrash86@SystemCrash86:~$


While pinging a spoofed website, for example Facebook, it says:

systemcrash86@SystemCrash86:~$ ping www.facebook.com
PING star.c10r.facebook.com (31.13.80.33) 56(84) bytes of data.
64 bytes from edge-star-shv-03-cdg1.facebook.com (31.13.80.33): icmp_seq=1 ttl=82 time=38.6 ms
From 172.16.42.1: icmp_seq=2 Redirect Host(New nexthop: 172.16.42.42)
From 172.16.42.1 icmp_seq=2 Redirect Host64 bytes from edge-star-shv-03-cdg1.facebook.com (31.13.80.33): icmp_seq=2 ttl=82 time=37.3 ms
From 172.16.42.1 icmp_seq=3 Redirect HostFrom 172.16.42.1: icmp_seq=3 Redirect Host(New nexthop: 172.16.42.42)
From 172.16.42.1 icmp_seq=4 Redirect Host64 bytes from edge-star-shv-03-cdg1.facebook.com (31.13.80.33): icmp_seq=3 ttl=82 time=37.4 ms
From 172.16.42.1 icmp_seq=5 Redirect HostFrom 172.16.42.1: icmp_seq=4 Redirect Host(New nexthop: 172.16.42.42)
^CFrom 172.16.42.1 icmp_seq=6 Redirect Host
--- star.c10r.facebook.com ping statistics ---
6 packets transmitted, 3 received, +5 errors, 50% packet loss, time 41155ms
rtt min/avg/max/mdev = 37.374/37.814/38.660/0.638 ms, pipe 3
systemcrash86@SystemCrash86:~$


I am stuck, I have no idea how to fix this.

Link to comment
Share on other sites

UPDATE

Ok, after trying to fix this with no success I went on my laptop and booted up Kali Linux and connected the Pineapple to it.
Then in Kali Linux I opened up a virtual machine of Windows XP - unpatched, it's what I use to test with in Kali Linux.
I turned on DNS Spoof on the Pineapple expecting it to have no effect like before and I loaded up Internet Explorer in my unpatched Windows XP machine.
For some reason I can't explain, it worked - I don't know how it worked but it did.

Why would it work in my unpatched Windows XP virtual machine and nowhere else? My other operating systems include Windows 7 and Ubuntu 13.10, both fully patched and running the latest Firefox browser, and it doesn't work.

Link to comment
Share on other sites

SystemCrash86,

Can you post the results of ifconfig while you are in your normal DNSspoof config?

In Kali linux with my pineapple attached ifconfig is:

root@SystemCrash86:~# ifconfig
eth0 Link encap:Ethernet HWaddr 40:61:86:b6:42:58
inet addr:172.16.42.42 Bcast:172.16.42.255 Mask:255.255.255.0
inet6 addr: fe80::4261:86ff:feb6:4258/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31062 errors:0 dropped:6 overruns:0 frame:0
TX packets:38866 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3641875 (3.4 MiB) TX bytes:24519611 (23.3 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:89317 errors:0 dropped:0 overruns:0 frame:0
TX packets:89317 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14934572 (14.2 MiB) TX bytes:14934572 (14.2 MiB)

wlan0 Link encap:Ethernet HWaddr 6c:62:6d:12:0a:c4
inet addr:192.168.1.65 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::6e62:6dff:fe12:ac4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21563 errors:0 dropped:0 overruns:0 frame:0
TX packets:15870 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23393743 (22.3 MiB) TX bytes:1686932 (1.6 MiB)

root@SystemCrash86:~#

Link to comment
Share on other sites

ssh in and type ifconfig

Oh yeah, I forgot that, my mistake, sorry.

I ssh'd into the Pineapple and typed ifconfig:

root@Pineapple:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:13:37:A5:08:3A
inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3573 errors:0 dropped:846 overruns:0 frame:0
TX packets:2194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:565512 (552.2 KiB) TX bytes:262303 (256.1 KiB)

eth0 Link encap:Ethernet HWaddr 00:13:37:A5:08:3A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3789 errors:0 dropped:68 overruns:0 frame:0
TX packets:2191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:654908 (639.5 KiB) TX bytes:262121 (255.9 KiB)
Interrupt:4

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:658 errors:0 dropped:0 overruns:0 frame:0
TX packets:658 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:71448 (69.7 KiB) TX bytes:71448 (69.7 KiB)

wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:08:3A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:523303 (511.0 KiB)

Link to comment
Share on other sites

If your pineapple has two antennas built on it that's a Mk5 and each antenna is a different wlan. wlan1 is for directly connecting to the internet enabled AP of your choice. There are a couple of ways to do that, Configuration Tile and Client Mode tab or via the WiFi Manager Infusion. I'm just surprised it isn't in your ifconfig already, maybe it's in iwconfig.

Link to comment
Share on other sites

Yes, it's a Mark 5 with two antennas and I am able to turn on the wlan1 interface using the WiFi Manager infusion. I then ssh'd into the Pineapple and issued the iwconfig command:

root@Pineapple:~# iwconfig
lo no wireless extensions.

wlan1 IEEE 802.11bg ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=27 dBm
RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off

wlan0 IEEE 802.11bgn Mode:Master Tx-Power=18 dBm
RTS thr:off Fragment thr:off
Power Management:off

eth0 no wireless extensions.

br-lan no wireless extensions.

Link to comment
Share on other sites

Sebkinne,

You believe SystemCrash86 is experiencing the radio swap issue you guys are already working on? And that by fixing that problem the DNSspoofing should sort itself out accordingly?

Link to comment
Share on other sites

Solved - for me at least.

I have been experiencing the same issues as everyone else, I had the ^M's in my www/index.php and /etc/pineapple/spoofhost files. I deleted the ^M's and still could not get DNSSpoof to work.

However, once I replaced the existing www/redirect.php with the redirect.php file found at https://github.com/WiFiPineapple/web-interface/wiki/mk34dnsspoofguide, my DNSSpoof problem was resolved.

There must be an issue with the PHP code in the www/redirect.php that is shipped with the MKV.

Here is the code I used in my www/redirect.php file to make DNSSpoof work:

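<?php
// Referer header sent by the browser; empty string when the header is absent.
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// strpos() returns 0 for a match at the start, so compare against false explicitly.
if (strpos($ref, "example") !== false) {
    header('Location: example.html');
    exit; // stop here so default.html is not sent along with the redirect
}
require('default.html');
?>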

Note - I did also create a file named example.html in the www folder.

Edited by Adamz
Link to comment
Share on other sites
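Added example, not part of the thread: a lint for a hosts-format file such as /etc/pineapple/spoofhost that reports the stray ^M (carriage return) characters discussed above and shows why they matter. The sample file contents are constructed, and `name_as_parsed` models a parser that splits fields only on space, tab and newline, which is an assumption made for illustration.

```python
import ipaddress
import re

# Constructed sample: hosts-format entries, the first two saved with CRLF endings.
SAMPLE = (b"172.16.42.1 example.com\r\n"
          b"172.16.42.1 *.example.org\r\n"
          b"# comment\n"
          b"172.16.42.1 ok.test\n"
          b"not-an-ip bad.test\n")


def name_as_parsed(line: bytes) -> bytes:
    """Hostname field as seen by a parser that splits only on space, tab and
    newline (assumed behaviour): a trailing CR stays attached to the name."""
    fields = [f for f in re.split(rb"[ \t\n]+", line) if f]
    return fields[1] if len(fields) > 1 else b""


def lint_hosts(data: bytes):
    """Return (findings, cleaned): findings is a list of (line_no, reason),
    cleaned is the same file with every carriage return removed."""
    lines = data.split(b"\n")
    if lines and lines[-1] == b"":      # trailing newline leaves an empty tail
        lines.pop()
    findings, cleaned = [], []
    for n, line in enumerate(lines, start=1):
        if b"\r" in line:
            findings.append((n, "carriage return (^M) in line"))
        body = line.replace(b"\r", b"")
        cleaned.append(body)
        text = body.decode("ascii", "replace").strip()
        if not text or text.startswith("#"):
            continue                    # blank lines and comments are fine
        fields = text.split()
        if len(fields) != 2:
            findings.append((n, "expected '<address> <name>'"))
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((n, "invalid address: " + fields[0]))
    return findings, b"\n".join(cleaned) + b"\n"
```
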
