Mark V Problems and questions, to admin.. Facebook login (app deleted to login)

[phonoent]

I have spent the better part of yesterday watching every video and reading every piece of documentation on the Mark V. I have went about flashing the unit to fix the problems as well however I haven't had much luck.

Currently, I am doing some practice phishing examples that I will be able to show in my tech class. I have created the pages off the standard phish-pineapple.zip and have also tried all the changes in the forums that were listed.

I cannot get sslstrip to work with facebook, it will half the time show up after waiting a good 5 to 10 minutes which I heard from reading, but then it seems like it will just reset back to the homepage, it won't event go to the page that I created when I enter facebook into the browser after resetting the cache. I am wondering if facebook is trying not to allow a standard connection and is trying to push it to ssl which sends it back to the home page.

DNsspoof, has yet to work on any of the examples I have tried. It seems as though its getting stuck at the second level directory instead of the www/

It seems like when I open the pages and run the commands normally at http://172.16.42.1:1471/facebook.html that it will send the files correctly, then it will try to send the redirect.php. I am wondering what I could be doing wrong to not let this work at all. Because this won't send to peets default page or a error page, it will just allow the page to connect directly to the internet as I have it set up for running in client mode as I am on a mac.

I was also hoping to give an example of how to take the information sent in the forms and send it to the real page for auto login of such. I have spent a lot of time researching but have had no luck in seeing any such examples. So enter to fake page, copies the forms and sends to over to the real page and hits the enter.

All the help I could get is much appreciated.

[Foxtrot]

First of all, The phish-pineapple archieve is god old.

Second of all, I think you should read the PSA in the Mark IV forums.

[phonoent]

Foxtrot, I am more interested in a proof of concept for the later of the message. I am doing this for a networking class to show different attacks and examples to get these kids interested. I have read the PSA, and I am not asking for files or what not, that can all be done in kali linux no problem nor am I looking for a complete way to go about all that. I am asking about why two main features of the mark 5 are not working for any test I have used it for. Why would the sslstrip interfere with the dnsspoof? Why is the dnsspoof not working at all on the root directory of the www? I'd take any examples or test pages, it doesn't have to be a phishing page.

Edited January 5, 2014 by phonoent

[Foxtrot]

SSLStrip and DNSSpoof intefere. Thats the nature of the beast if your running them both on the same interfaces.

If DNSSpoof isnt working, then you are configuring it wrong little doubt.

[Mr-Protocol]

I'm a little confused about what is going on. Are you trying to use them together or independently?

If you are trying to DNSSpoof people to your facebook fishing page and remove SSL and pass it to the real facebook.com, that will not work. Your DNSSpoof will trap all the facebook.com requests, even ones you may want to go out.

[phonoent]

THANK YOU. Can you tell me what other infusions conflict with each other?

[phonoent]

I was trying to use the two infusions together, which I am seeing could conflict now. I was trying to strip the ssl and use the dnsspoof to manage the other pages that were created. I guess I can just use ssl strip in theory.

However when I use ssl strip, the page continues to loop back to the homepage, even though the credentials are set to in the log of sslstrip, I can see that it goes to the facebook.com home page and then redirects back to the login screen.

I wanted to be able to create a page that could send credentials to the real page with dnsspoof, but I think that is almost too complicated of an example to show.

[mreidiv]

@phonoent

you don't work at ITT-Tech by any chance?

Edited January 5, 2014 by mreidiv

[Kyle_xy]

I am not an expert but i have some understanding with the two programs and maybe i can shed light through a not-so-technical way. also for people who want to get started with these two

SSLSTRIP will convert the https (which is secure) into an http (in which the user and pass can be read as text). you will still go to your desired site (ex facebook) but in a different path.

DNS spoof will direct you to a different location if a condition is met (example if it sees "facebook" in the url box). if you want to go to facebook, you can be directed to yahoo instead.as long as it sees "facebook" in the url, it will be directed to that page

now using both in wifipinapple will have a conflict because when dns spoof kicks in, it will see that the condition is met ("facebook" word in the url) and will direct the user to a page inside the wifi pineapple and not the actual facebook site.even though the request has gone past the dns program and is going towards the real facebook page, since it has "facebook" in the url, it will go back to the cloned page

you can have a clone of the facebook page inside the wifipineapple and it will show up without a hitch. but once you click the login button, if you do not have a java script to point you to the real facebook, you will get stuck in the page that is saved in the wifi pineapple. this one i am currently studying.i cannot get past this also

without a java script

User -> wifi pineapple -> sslstrip (causes you to use HTTP instead of HTTPS) -> DNS spoof -> Cloned facebook page

with a java script

User -> wifi pineapple -> sslstrip -> DNS spoof -> cloned facebook page -> java script -> real facebook login page -> actual fb account

in any case, both will have a conflict. so either strip it or spoof it. but not both

[NullNull]

You can Lookup facebook ip and redirect the "client" to that ip.

But i do not think dnsspoof will redirect https trafic even with the sslstrip at the first place!

[Mr-Protocol]

DNS is words to IP basically. So protocols and connection types don't matter with applications. They are just looking up the address.

[NullNull]

if you type 173.252.110.27 at your url bar and dnsspoof is running with 172.16.42.1 *facebook.com will redirect the traffic?? :/

[Mr-Protocol]

if you type 173.252.110.27 at your url bar and dnsspoof is running with 172.16.42.1 *facebook.com will redirect the traffic?? :/

One way to find out. Go for it and test it and share the results. The issue you may run into is your computer's DNS cache.