daniboy92 Posted July 2, 2014 Share Posted July 2, 2014 Hello, When i set ON DNSSpoof and i type example.com (i have this file created with a "Hello World" inside) but it doesn't redirect me... When i type 172.16.42.1/example.html it shows me my fake web page... With or without DNSSpoof activate... But when i activate DNSSpoof doesn't redirect me to my fake page... I have lastest update firmware... Internet connection... i don't know why this is failing all time Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 3, 2014 Share Posted July 3, 2014 Seems to be a problem with dnsspoof on 1.4.1. Verified and send a potential patch to Seb. We'll push an update asap. Edit: My issue was isolated. Couldn't reproduce. It wasn't a bug with 1.4.1 as tested with fresh fruit. Nor an incompatibility with an installed infusion. What do you get when you issue the following directly via SSH? dnsspoof -i br-lan -f /etc/pineapple/spoofhost Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 3, 2014 Author Share Posted July 3, 2014 Seems to be a problem with dnsspoof on 1.4.1. Verified and send a potential patch to Seb. We'll push an update asap. Edit: My issue was isolated. Couldn't reproduce. It wasn't a bug with 1.4.1 as tested with fresh fruit. Nor an incompatibility with an installed infusion. What do you get when you issue the following directly via SSH? dnsspoof -i br-lan -f /etc/pineapple/spoofhost Thanks for your answer Darren, I tried this command via SSH and it is the same... Doesn't redirect and doesn't spoof... What i do is: /etc/php.ini ; UNIX: "/path1:/path2" ;include_path = ".:/php/includes" doc_root = "" user_dir = extension_dir = "/usr/lib/php" enable_dl = On ;cgi.force_redirect = 0---> Change this two and set it to 0, before was 1. cgi.force_redirect = 0----> ;cgi.nph = 1 ;cgi.redirect_status_env = ; cgi.fix_pathinfo=1 ;fastcgi.impersonate = 1; ;fastcgi.logging = 0 ;cgi.rfc2616_headers = 0 Create a test.php in /www with: <?php phpinfo(); ?> written ---> To test a php info web. Then, type 172.16.42.1/test.php---> shows the web perfectly. Then: touch /www/example.html echo "Hello Mundo!" > example.html Then on my Chrome: 172.16.42.1/example.html Shows my web perfectly... Then i start via SSH or UI dnsspoof: and doesn't redirect me... Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 3, 2014 Author Share Posted July 3, 2014 One more thing... When i install DNS UI my capacity for view my own test.php web disappear... After install dnsspoof UI it doesn't redirect me to 172.16.42.1/test.php and can't see test web. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 3, 2014 Author Share Posted July 3, 2014 This is ridiculous... After install my normal infusions (sslstrip, nmap, ettercap, randomroll (this doesn't work...), deauth, evilportal, opkgmanager) i lose completely the option to view via pineapples's IP my test.php and other test for dnsspoof... It's absolutely annoying and frustrating... I don't know how to set a validate configuration... Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 3, 2014 Share Posted July 3, 2014 Are you saying it's working before you install infusions then not afterwards? If so which infusion is breaking it? Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 3, 2014 Author Share Posted July 3, 2014 (edited) Are you saying it's working before you install infusions then not afterwards? If so which infusion is breaking it?No darren. It doesn't work after or before... It's just a partial working before install any infusion.Before install it can redirect to my example.hmtl (with dnspoof running or without it) browsing to 172.16.42.1/example.html, but doesn't work if i type example.com with dnsspoof activating.. Anyway i need a complete redirection from dnsspoof. So the conclusion is: it doesn't work before or after install pineapple infusion. Even after a Factory Reset. Edited July 3, 2014 by daniboy92 Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 4, 2014 Share Posted July 4, 2014 Ok I'm looking into what may be causing the issue. In the meantime I did a quick video to get everyone up to speed on the feature. I haven't had any problems with it thus far, but perhaps that's just my luck. Can you do me a favor and provide the complete ifconfig or ipconfig results of a connected client? I'd like to see what DNS it's using. Video: https://www.youtube.com/watch?v=nggQan4XZ1E Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 4, 2014 Author Share Posted July 4, 2014 (edited) Yes, of course Darren: test@test-VirtualBox:~$ ifconfig eth0 Link encap:Ethernet dirección HW 08:00:27:6c:42:32 ACTIVO DIFUSIÓN MULTICAST MTU:1500 Métrica:1 Paquetes RX:0 errores:0 perdidos:0 overruns:0 frame:0 Paquetes RX:0 errores:0 perdidos:0 overruns:0 frame:0 carrier:0 colisiones:0 long.colaTX:1000 Bytes RX:0 80.0 B) TEX bytes:0 (0.0 B) wlan0 Link encap:Ethernet direcciónHW 00:e0:4c:38:26:20 Direc. inet:192.168.0.5 Difus.:192.168.0.255 Másc:255.255.255.0 Direccón inet6: fe09::ef3:eff4:fe38_2620/64 Alcance:Enlace ACTIVO DIFUSIÓN MULTICAST MTU:1500 Métrica:1 Paquetes RX:5822 errores:0 perdidos:0 overruns:0 frame:0 Paquetes RX:1222 errores:0 perdidos:0 overruns:0 frame:0 carrier:0 colisiones:0 long.colaTX:1000 Bytes RX:1370711 (1.4 MB) TEX bytes:150480 (150.4 KB) And this is what shows iwconfig: test@test-VirtualBox:~$ iwconfig wlan0 IEEE 802.11bgn ESSID:"Pineapple5_133B" Mode:Managed Frequency:2.462 GHz Access Point: 00:45:33:B5:13:BB Bit Rate=72.2 Mb/s Tx-Power20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on Link Quality=70/70 Signal level=-17 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:51 Missed beacon:0 When i navigate into my Ubuntu searching for example.com: But at same time in my pineapple (today is showing something, yesterday showed nothing) No matter what device i choose: a virtual machine, a real computer, my Android... I have internet conecction except on webs that i want to spoof... EDIT: When i start ping to example.com it shows the real example.com's IP... Not pineapple's IP. Edited July 4, 2014 by daniboy92 Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 4, 2014 Author Share Posted July 4, 2014 I was watching your tutorial Darren, it's great, but unfortunately i have all that steps complete without problems... Quote Link to comment Share on other sites More sharing options...
Skipper Posted July 4, 2014 Share Posted July 4, 2014 (edited) I've got the same results, I've just finished watching the video on how it works and I'm not being redirected to my "Hello World!" page instead of Zombo.com (which by the way is quite comical). When I go to 172.16.42.1 without the port it lets me see it but if I use zombo.com, www.zombo.com or anything like that it just takes me to the regular page. Here is my DNSSpoof config: http://cl.ly/image/1I0t082I0N46 My ifconfig results: http://cl.ly/image/1b1I1j0Y0i3I And my results from the command you posted: http://cl.ly/image/1G2n161z1C3T (I hope that's all that should appear) Let me know if anything else is needed or if I'm being stupid and missing something obvious :P Thanks Edited July 4, 2014 by Skipper Quote Link to comment Share on other sites More sharing options...
no42 Posted July 5, 2014 Share Posted July 5, 2014 (edited) I changed the /etc/nginx/nginx.conf file from: server { # php/fastcgi listen 8080; to server { # php/fastcgi listen 80; Now it works fine. However, beware this may interfere with any other httpd daemons like the captive portal. Edited July 5, 2014 by midnitesnake Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted July 5, 2014 Share Posted July 5, 2014 I changed the /etc/nginx/nginx.conf file from: server { # php/fastcgi listen 8080; to server { # php/fastcgi listen 80; Now it works fine. However, beware this may interfere with any other httpd daemons like the captive portal. So, we don't change the port to 8080 - we ship it as default as 80. I know that the EvilPortal Infusion changes the port. Maybe it doesn't change it back. This makes sense though, as the vanilla firmware has no such issues. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 5, 2014 Author Share Posted July 5, 2014 I changed the /etc/nginx/nginx.conf file from: server { # php/fastcgi listen 8080; to server { # php/fastcgi listen 80; Now it works fine. However, beware this may interfere with any other httpd daemons like the captive portal.Thank you so much... I will try this. But, we need a valid and definitive configuration for work with this tool without problems with other infusions...Darren, Seb, please let us know a solution for this... Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted July 6, 2014 Share Posted July 6, 2014 Thank you so much... I will try this. But, we need a valid and definitive configuration for work with this tool without problems with other infusions... Darren, Seb, please let us know a solution for this... It's not something we can solve, as it isn't an issue with our firmware. It's an issue if you have used / set up the evil portal infusion. I suggest you point this issue out to the author of that infusion. Best regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
jmelody Posted July 6, 2014 Share Posted July 6, 2014 Can confirm what Seb is saying. I too watched the latest video, and was working on my spoofed webpage, when I decided to see if there was some code in evil portal infusion that I could use (there's not). After I installed the infusion my DNSspoof quit working. Upon reflashing the 1.4.1 firmware, everything worked as normal. Thanks for finding the change in nginx.conf though! I knew it was something to do with nginx, but it was just easier for me to reflash and start fresh. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 6, 2014 Author Share Posted July 6, 2014 (edited) But that is not my case... Even when i do a Factory Reset dnsspoof DOESN'T work for me... I only access to my fake webs via IP (172.16.42.1/example.html)... But not putting the domain (www.example.com)... It's when i install infusions when even doesn't work via IP... Edited July 6, 2014 by daniboy92 Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 6, 2014 Author Share Posted July 6, 2014 I try to change: server { # php/fastcgilisten 8080; to server { # php/fastcgilisten 80; Even with this doesn't work. This isn't a USER issue... It's a pineapple issue... Mine pineapple. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted July 6, 2014 Share Posted July 6, 2014 /etc/config/dhcp list 'dhcp_option' '6,172.16.42.1,8.8.8.8' list 'dhcp_option' '6,172.16.42.1,208.67.222.222' Try removing the ",8.8.8.8" and ",208.67.222.222" parts. Reboot, try again. Wondering if clients are using those DNS servers rather than the preferred 172.16.42.1 Quote Link to comment Share on other sites More sharing options...
Skipper Posted July 7, 2014 Share Posted July 7, 2014 That seemed to work for me, although it's not redirecting for https pages and when I try to use SSLStrip with DNSSpoof it overrides the redirection and just shows you the stripped page, no redirection. /etc/config/dhcp list 'dhcp_option' '6,172.16.42.1,8.8.8.8' list 'dhcp_option' '6,172.16.42.1,208.67.222.222' Try removing the ",8.8.8.8" and ",208.67.222.222" parts. Reboot, try again. Wondering if clients are using those DNS servers rather than the preferred 172.16.42.1 Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 8, 2014 Author Share Posted July 8, 2014 /etc/config/dhcp list 'dhcp_option' '6,172.16.42.1,8.8.8.8' list 'dhcp_option' '6,172.16.42.1,208.67.222.222' Try removing the ",8.8.8.8" and ",208.67.222.222" parts. Reboot, try again. Wondering if clients are using those DNS servers rather than the preferred 172.16.42.1 Thank you Darren... It works fine for me.. But now i have a issue... Yes, one more time.. Now i can spoof example.com and facebook.com. On facebook.com when i put my username and my password the web redirects correctly to same spoofed web, but in dnsspoof logs i can't see the user and password... What's the piece of this puzzle? Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 8, 2014 Author Share Posted July 8, 2014 Ok, all it's OK. I find the pineapple-phish.log in /tmp folder. Now set this to my custom log. Now my pineapple it's working fine and without problems... All was problems with DNS (thank you Darren) and the nginx.conf file (thanks midnitesnake) Thank you!!!. Quote Link to comment Share on other sites More sharing options...
thegingerone Posted July 9, 2014 Share Posted July 9, 2014 The SSLStrip infusion seemed to bypass the DNSSpoof and by looking at teh IP tables I am guessing that is correct. However stopping the infusion it still hangs onto the routing and so you need to delete it for DNSSpoof to work correctly. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted July 9, 2014 Author Share Posted July 9, 2014 The SSLStrip infusion seemed to bypass the DNSSpoof and by looking at teh IP tables I am guessing that is correct. However stopping the infusion it still hangs onto the routing and so you need to delete it for DNSSpoof to work correctly. So... What we need to work with dnspoof and sslstrip simultaneously without problems? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted July 10, 2014 Share Posted July 10, 2014 SSLStrip requires traffic to be redirected to it. The only way that you can make this work is by chaining the programs via iptables. I haven't tried it, but technically that works. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.