Jump to content

DNS spoof not spoofing the DNSes


barry99705

Recommended Posts

I removed the ^M as well. No go. :( I was looking forward to sending my daughter to kittenwarz everytime she tried to pull up a Justin Beiber video. Guess I will just have to keep using Network Spoofer on my android until this gets fixed.

Link to comment
Share on other sites

  • Replies 73
  • Created
  • Last Reply

Top Posters In This Topic

Hello Sebkinne,

I am unable to get randomroll to work as well. I will keep messing with it. Mostly playing with aircrack now anyhoo.

Danke

Dnsspoof works fine, but there are ways to improve it that are coming soon. Take a look at how successful the randomroll infusion is!

Link to comment
Share on other sites

Hello Sebkinne,

I am unable to get randomroll to work as well. I will keep messing with it. Mostly playing with aircrack now anyhoo.

Danke

Might try resetting the pineapple back to factory, then installing the update infusions. I had some issues at first too, but for the most part it's straightened itself out.

Now if we could get an auto start dns spoof checkbox.... ;)

Edited by barry99705
Link to comment
Share on other sites

Thank you for the tip. I will give it a try.

Might try resetting the pineapple back to factory, then installing the update infusions. I had some issues at first too, but for the most part it's straightened itself out.

Now if we could get an auto start dns spoof checkbox.... ;)

Link to comment
Share on other sites

  • 1 month later...

any updates on this fix? i have spent 10+ hours trying to get this to work and read every DNS related thread on here

i have no ^M types of characters anywhere.

when i ping facebook.com from my victim PC it pings to the pineapple but then the normal page is displayed anyway.

Thanks guys great forum here

Are you on the latest firmware?? That should have been fixed a while ago!

Link to comment
Share on other sites

  • 1 month later...

I'm also having problems getting DNS spoofing to work. I have no ^M characters. When I turn on DNS spoofing on I can no longer browse anything except google. I've cleared the browsing history and the problem is the same.

Are you on the latest firmware? What's your dns spoof settings look like?

Link to comment
Share on other sites

I also cannot get DNS spoof to work properly. I am on the latest firmware.

my spoof seetings are:

172.16.42.1 64.64.4.109

also checked for the ^M's in those files mentioned previously, none there. I modified the DHCP file to exclude the last 2 lines, but it did not change the situation. The weird thing is, I can see the next hop on the target machine to be 64.64.4.109 in tracert, but the browser usually takes a little longer to load, then goes straight to the requested page (IE yahoo.com). I did not specify a DNS server on the target machine at all, so it should all be coming from the pineapple.

I've also noticed that the randomroll infusion only seems to work part of the time. My target can get to facebook, google, but the redirect will happen with reddit (cleared cache and browsed to sites I've never been to, same results)

I should also mention that I never really got DNSspoof to work properly on the Mark IV, so it could be me being a complete n00b, although I never had issues with randomroll on Mark IV.

Edited by genghis_tron
Link to comment
Share on other sites

GT,

Why are you using an IP address instead of the Name of the website you'd like redirected? Seems like the format should be 172.16.42.1 www.websitename.com or 172.16.42.1 *websitename.com (to catch all the possible beginnings).

Pretty sure the only time you need an IP address instead of the name is when the IP address come first like when you want to send all traffic to bing.com you would have the IP address of bing and then the * like xxx.xxx.xxx *

And Random Roll won't work on https websites...

Link to comment
Share on other sites

I've had problems with this as well. One thing I noticed is out of the box with updates, my Mk.V DNS spoofs just fine assuming the target doesn't have the spoofed site cached. However installing and running nodogsplash breaks DNSspoof. Not sure the exact reason, but I suspect it's due to the tutorial having you change a setting from port 80 to 8080. I nailed this down after reflashing the pineapple twice after having this happen. The second time around I tested to see if it worked, which it did, then installed and ran nodogsplash and from that point on, even with nodogsplash disabled, it fails. It will either not spoof or spoof but not load the test page on the pineapple.

Also, hi, been lurking a while but first post.

Link to comment
Share on other sites

GT,

Why are you using an IP address instead of the Name of the website you'd like redirected? Seems like the format should be 172.16.42.1 www.websitename.com or 172.16.42.1 *websitename.com (to catch all the possible beginnings).

Pretty sure the only time you need an IP address instead of the name is when the IP address come first like when you want to send all traffic to bing.com you would have the IP address of bing and then the * like xxx.xxx.xxx *

And Random Roll won't work on https websites...

I have also tried the web address with the same results. And I fogot about the HTTPS on randomroll.

Link to comment
Share on other sites

  • 1 month later...

First I would like to say thank you to the wifi pineapple crew for their efforts. This forum is great. I am also having issues with some of the infusions. The randomroll infusion worked a two times and now it just forwards to the real site. Is randomroll broken? I just received my pineapple yesterday and the sd card was bunk and had to unbrick it from the get go so I hope that reflashing the factory image is not the answer. Randomroll doesn't work for me on ipad(used chrome and safari), xubuntu(used firefox and chromium), macbook(safari,chrome), galaxy s3(android browser). Helpzos pleazos. I am only using the web UI for randomroll.

Link to comment
Share on other sites

e5iw,

No, RandomRoll is not broken. So first, make sure you are on firmware 1.1.1 and have done all the latest updates. Then, tell us the steps of what you do for RandomRoll. I ask because you have to go into the infusion and select/apply the rolls you want to see first and then hit start. Then to shut it off you go back into the big tile turn it off and then unselect all Rolls. Again, it's not going to work on https sites and if the device/browser you are using has the page cached it might not work correctly.

Link to comment
Share on other sites

e5iw,

No, RandomRoll is not broken. So first, make sure you are on firmware 1.1.1 and have done all the latest updates. Then, tell us the steps of what you do for RandomRoll. I ask because you have to go into the infusion and select/apply the rolls you want to see first and then hit start. Then to shut it off you go back into the big tile turn it off and then unselect all Rolls. Again, it's not going to work on https sites and if the device/browser you are using has the page cached it might not work correctly.

Thank you thesugarat,

I will check and see if I am on the latest firmware. I go into the infusion I check off the rolls apply the rolls and then start random roll, but I still get the right webpage instead of the roll. Thanks for being so fast. This forum is great because of all the dedicated people like yourself helping us noobs.

Cheers,

e5iw

Link to comment
Share on other sites

  • 3 months later...

OK, I am having an issue as well:
With this setup, starwars.com properly redirects to starwars.com/calvin.htm

When I goto 172.16.42.1/calvin.htm, IT works

When i goto http://twitter.com it goes to https://twitter.com/redirect.php then fails to load anything

When I goto 172.16.42.1/twitter.htm it goes to https://twitter.com/redirect.php then fails to load anything

Why is this happening?

I am on the latest firmware 1.4.1 for Pineapple 2 Mark V

It does this when karma is on or off. and sslstrip on or off.

There are no ^M characters or anything of the sort (verified with nano, ssh)

I setup a dnsspoof using the built-in dnsspoof. It is setup like this:

spoofhost file:

172.16.42.1 *starwars.com
172.16.42.1 *twitter.com

redirect.php

<?php
	$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; 

	if (strpos($ref, "starwars")){
	      header('Status: 302 Found');
		header('Location: calvin.htm');
	}
       if (strpos($ref, "twitter")){
	      header('Status: 302 Found');
		header('Location: twitter.htm');
	}
	require('error.php');

?>

all files were modified using the writeup here : https://forums.hak5.org/index.php?/topic/32613-tutorial-dnsspoof-with-the-pineapple-mark-v/

Any Help would be helpful.

Link to comment
Share on other sites

Seems to be a problem with dnsspoof on 1.4.1. Verified and send a potential patch to Seb. We'll push an update asap.

Edit: My issue was isolated. Couldn't reproduce. It wasn't a bug with 1.4.1 as tested with fresh fruit. Nor an incompatibility with an installed infusion.

What do you get when you issue the following directly via SSH?

dnsspoof -i br-lan -f /etc/pineapple/spoofhost

Link to comment
Share on other sites

Seems to be a problem with dnsspoof on 1.4.1. Verified and send a potential patch to Seb. We'll push an update asap.

Edit: My issue was isolated. Couldn't reproduce. It wasn't a bug with 1.4.1 as tested with fresh fruit. Nor an incompatibility with an installed infusion.

What do you get when you issue the following directly via SSH?

dnsspoof -i br-lan -f /etc/pineapple/spoofhost

I get "dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]"

It stays there and does not do anything else.

Link to comment
Share on other sites

  • 6 months later...

Some people actually got it to work. Unfortunately, I'm not one. :)

I know it is not very useful because of HSTS but I think it would be great to learn it. Can anyone recommend a working tutorial for beginners. I've seen many here in the forum but they seem to have issues.

Anyway, any suggestion would be greatly appreciated.

Thanks guys!!

Link to comment
Share on other sites

  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...