factgasm, Posted July 18, 2014: Can anyone get their Pineapple to DNSSpoof 100% of the websites they want spoofed without failure? (Excepting https sites.) My Pineapple only spoofs intermittently and unreliably, and until I can get it working correctly 100% of the time it's no good to me in the field. Edited July 18, 2014 by factgasm
barry99705, Posted July 19, 2014: When I run the random roll infusion it will spoof pretty much everything I throw at it.
King_Hrothgar, Posted July 22, 2014: 100% here on IE and Firefox for Windows 7, Chrome on Android and Iceweasel on Kali. However, there is a very serious limitation in the way DNSspoof works. When a browser (doesn't matter which as far as I can tell) tries to locate a site, it will make a DNS request, but only if it hasn't already connected to that site previously that session. If it has already connected to that site, then the DNS info is cached from the previous visit. This results in some "odd" things such as:
1) If I DNS spoof a client to visit fake.com instead of real.com, after I cease DNS spoofing they will still go to fake.com until they end their browser session (typically requires a reboot of the device, not simply closing the browser).
2) If they have visited that site prior to me engaging in DNS spoofing, they will still visit the real site since the IP address for it is already cached. DNS spoofing is completely ineffective, as no DNS requests are made for the target site.
3) Changing to a different browser will fix either problem without restarting, since each browser caches the DNS info separately.
Other than somehow deleting the victim machine's cache remotely or causing their device to restart, I don't know of a way to overcome these limitations.
daniboy92, Posted July 22, 2014: @King_Hrothgar and what about sites with SSL? Can you spoof sites like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with SSL except Facebook.
Darren Kitchen, Posted July 22, 2014: These limitations could potentially be overcome with iptables rules to redirect the IP traffic rather than the DNS queries. Meaning if example.com is cached as 93.184.216.119 and you reroute that IP to 172.16.42.1, it wouldn't matter if the browser has DNS cached or not.
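A detection-side check for the resolver spoofing discussed in this thread, added here as an example that is not from the thread or the Pineapple firmware: it parses a DNS A-record response and flags a public name answered with a private address such as the 172.16.42.1 mentioned above. The two packets are constructed sample data, built around the example.com / 93.184.216.119 pair from Darren's post.

```python
import ipaddress
import struct

def parse_name(pkt, off):
    """Read a DNS name at offset `off`, following RFC 1035 compression pointers."""
    labels = []
    while True:
        ln = pkt[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            tail, _ = parse_name(pkt, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def a_records(pkt):
    """Return (queried name, [IPv4 answers]) from a raw DNS response packet."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!6H", pkt[:12])
    off, qname, ips = 12, None, []
    for _ in range(qdcount):
        qname, off = parse_name(pkt, off)
        off += 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, off = parse_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(str(ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    return qname, ips

def suspicious(qname, ips):
    """A public name resolving to a private address points at a rogue resolver."""
    return [ip for ip in ips if ipaddress.ip_address(ip).is_private]

# Constructed sample responses: header (id 0x1234, standard response, 1 question,
# 1 answer), the example.com question, then an A record using a name pointer.
HDR = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
ANSWER = b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"
GENUINE = HDR + QUESTION + ANSWER + bytes([93, 184, 216, 119])
SPOOFED = HDR + QUESTION + ANSWER + bytes([172, 16, 42, 1])

if __name__ == "__main__":
    for label, pkt in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        name, ips = a_records(pkt)
        print(label, name, ips, "flagged:", suspicious(name, ips))
```

An iptables-level redirect of the kind Darren describes leaves the DNS answer intact, so this check does not see it; that case only shows up at the connection layer (wrong certificate, unexpected peer address).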
King_Hrothgar, Posted July 23, 2014 (quoting daniboy92: "@King_Hrothgar and what about sites with SSL? Can you spoof sites like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with SSL except Facebook."): Pay close attention to what the browser actually looks up when you try to spoof a site. If you're using Firefox or Chrome, I promise you it's sticking in https regardless of what you enter into the address bar if you are going to a common site (Twitter, YouTube and so on). Assuming the browser hasn't cached the IP already, this often results in simply blocking the website. DNSspoof is primarily effective against outdated browsers or when spoofing less common sites, like this one. If you are looking for a more reliable spoofing method, I suspect Darren's method would be very effective, though I've never tried it.
Sebkinne, Posted July 23, 2014: Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response. More info on this when it's ready! Best Regards, Sebkinne
m40295, Posted July 23, 2014: Seb, you tease, is it DEF CON time yet... c'mon August
factgasm, Posted July 24, 2014 (quoting Sebkinne: "Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response. More info on this when it's ready!"): This sounds very encouraging.
factgasm, Posted July 24, 2014 (quoting King_Hrothgar: "... or when spoofing less common sites, like this one."): I prefer to think of Hak5 Forums as being "more select" than "less common". Edited July 30, 2014 by factgasm