Jump to content

Recommended Posts

Posted (edited)

Can anyone get their Pineapple to DNSSpoof 100% of websites they want spoofed without failure? (Excepting https sites)

My Pineapple only spoofs intermittently and unreliably and until I can get it working correct 100% of the time its no good to me in the field.

Edited by factgasm
Posted

100% here on IE and Firefox for Windows 7, Chrome on Android and Iceweasel on Kali. However, there is a very serious limitation in the way DNSspoof works. When a browser (doesn't matter which as far as I can tell) tries to locate a site, it will make a DNS request but only if it hasn't already connected to that site previously that session. If it has already connected to that site, then the DNS info is cached from the previous visit. This results in some "odd" things such as:

1) If I DNS spoof a client to visit fake.com instead of real.com, after I cease DNS spoofing, they will still go to fake.com until they end their browser session (typically requires a reboot of the device, not simply closing the browser).

2) If they have visited that site prior to me engaging in DNS spoofing, they will still visit the real site since the IP address for it is already cached. DNS spoofing is completely ineffective as no DNS requests are made for the target site.

3) Changing to a different browser will fix either problem without restarting since each browser caches the DNS info seperately.

Other than somehow deleting the victim machine's cache remotely or causing their device to restart, I don't know of a way to overcome these limitations.

Posted

@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.

Posted

These limitations could potentially be overcome with iptables rules to redirect the IP traffic rather than the DNS queries. Meaning if example.com is cached as 93.184.216.119 and you reroute that IP to 172.16.42.1 it wouldn't matter if the browser has DNS cached or not.

Posted

@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.

Pay close attention to what the browser actually looks up when you try to spoof a site. If you're using firefox or chrome, I promise you it's sticking in https regardless of what you enter into the address bar if you are going to a common site (twitter, youtube and so on). Assuming the browser hasn't cached the IP already, this often results in simply blocking the website. DNSspoof is primarily effective against outdated browsers or when spoofing less common sites, like this one. :tongue:

If you are looking for a more reliable spoofing method, I suspect Darren's method would be very effective though I've never tried it.

Posted

Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.

More info on this when it's ready!

Best Regards,

Sebkinne

Posted

Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.

More info on this when it's ready!

Best Regards,

Sebkinne

This sounds very encouraging.

Posted (edited)

. . . . or when spoofing less common sites, like this one. :tongue:

I prefer to think of Hak5 Forums as being "more select" than "less common". :wink:

Edited by factgasm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...