This topic is now archived and is closed to further replies.

factgasm

DNSSpoof success rate

Can anyone get their Pineapple to DNSSpoof 100% of websites they want spoofed without failure? (Excepting https sites)

My Pineapple only spoofs intermittently and unreliably and until I can get it working correctly 100% of the time it's no good to me in the field.


When I run the random roll infusion it will spoof pretty much everything I throw at it.


100% here on IE and Firefox for Windows 7, Chrome on Android and Iceweasel on Kali. However, there is a very serious limitation in the way DNSspoof works. When a browser (doesn't matter which as far as I can tell) tries to locate a site, it will make a DNS request but only if it hasn't already connected to that site previously that session. If it has already connected to that site, then the DNS info is cached from the previous visit. This results in some "odd" things such as:

1) If I DNS spoof a client to visit fake.com instead of real.com, after I cease DNS spoofing, they will still go to fake.com until they end their browser session (typically requires a reboot of the device, not simply closing the browser).

2) If they have visited that site prior to me engaging in DNS spoofing, they will still visit the real site since the IP address for it is already cached. DNS spoofing is completely ineffective as no DNS requests are made for the target site.

3) Changing to a different browser will fix either problem without restarting since each browser caches the DNS info separately.

Other than somehow deleting the victim machine's cache remotely or causing their device to restart, I don't know of a way to overcome these limitations.
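
A defender-side view of the caching behaviour described above, as an added example that is not part of the original post: it scans resolver logs for public names answered with non-global addresses and lists the clients whose browsers may still hold the spoofed entry. The log format, the `INTERNAL_SUFFIXES` list and the function names are assumptions made for the illustration; the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log in a hypothetical format: time, client, name, answer.
SAMPLE_LOG = """\
2014-03-01T10:00:01 client=172.16.42.101 query=example.com answer=93.184.216.119
2014-03-01T10:05:12 client=172.16.42.102 query=example.com answer=172.16.42.1
2014-03-01T10:05:40 client=172.16.42.102 query=intranet.local answer=172.16.42.1
2014-03-01T10:06:03 client=172.16.42.103 query=example.org answer=172.16.42.1
2014-03-01T10:20:00 client=172.16.42.103 query=example.org answer=93.184.216.119
"""

# Assumption: names under these suffixes are expected to resolve to private space.
INTERNAL_SUFFIXES = (".local", ".lan")


def parse(line):
    """Split one log line into a dict with time, client, query and answer."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = ts
    return rec


def suspicious(rec):
    """A public name answered with a non-global address is a spoofing indicator."""
    name = rec["query"].rstrip(".").lower()
    if name.endswith(INTERNAL_SUFFIXES):
        return False
    return not ipaddress.ip_address(rec["answer"]).is_global


def clients_to_flush(log):
    """Map client -> names whose spoofed answer may still sit in a browser cache.

    A later correct answer does not clear the flag: each browser caches
    separately, so another browser on the same client can still hold the
    spoofed address until its session ends.
    """
    stale = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if suspicious(rec):
            stale[rec["client"]].add(rec["query"])
    return {client: sorted(names) for client, names in stale.items()}


if __name__ == "__main__":
    for client, names in clients_to_flush(SAMPLE_LOG).items():
        print(client, "needs a cache flush / browser restart for:", ", ".join(names))
```
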


@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.


These limitations could potentially be overcome with iptables rules to redirect the IP traffic rather than the DNS queries. Meaning if example.com is cached as 93.184.216.119 and you reroute that IP to 172.16.42.1 it wouldn't matter if the browser has DNS cached or not.


@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.

Pay close attention to what the browser actually looks up when you try to spoof a site. If you're using Firefox or Chrome, I promise you it's sticking in https regardless of what you enter into the address bar if you are going to a common site (Twitter, YouTube and so on). Assuming the browser hasn't cached the IP already, this often results in simply blocking the website. DNSspoof is primarily effective against outdated browsers or when spoofing less common sites, like this one. :tongue:

If you are looking for a more reliable spoofing method, I suspect Darren's method would be very effective though I've never tried it.


Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.

More info on this when it's ready!

Best Regards,

Sebkinne


Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.

More info on this when it's ready!

Best Regards,

Sebkinne

This sounds very encouraging.


. . . . or when spoofing less common sites, like this one. :tongue:

I prefer to think of Hak5 Forums as being "more select" than "less common". :wink:
