factgasm Posted July 18, 2014

Can anyone get their Pineapple to DNSSpoof 100% of websites they want spoofed without failure? (Excepting https sites)

My Pineapple only spoofs intermittently and unreliably, and until I can get it working correctly 100% of the time it's no good to me in the field.

barry99705 Posted July 19, 2014

When I run the random roll infusion it will spoof pretty much everything I throw at it.

King_Hrothgar Posted July 22, 2014

100% here on IE and Firefox for Windows 7, Chrome on Android and Iceweasel on Kali.

However, there is a very serious limitation in the way DNSspoof works. When a browser (doesn't matter which as far as I can tell) tries to locate a site, it will make a DNS request but only if it hasn't already connected to that site previously that session. If it has already connected to that site, then the DNS info is cached from the previous visit. This results in some "odd" things such as:

1) If I DNS spoof a client to visit fake.com instead of real.com, after I cease DNS spoofing, they will still go to fake.com until they end their browser session (typically requires a reboot of the device, not simply closing the browser).

2) If they have visited that site prior to me engaging in DNS spoofing, they will still visit the real site since the IP address for it is already cached. DNS spoofing is completely ineffective as no DNS requests are made for the target site.

3) Changing to a different browser will fix either problem without restarting since each browser caches the DNS info separately.

Other than somehow deleting the victim machine's cache remotely or causing their device to restart, I don't know of a way to overcome these limitations.

daniboy92 Posted July 22, 2014

@King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.

Darren Kitchen Posted July 22, 2014

These limitations could potentially be overcome with iptables rules to redirect the IP traffic rather than the DNS queries. Meaning if example.com is cached as 93.184.216.119 and you reroute that IP to 172.16.42.1 it wouldn't matter if the browser has DNS cached or not.

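A defender-side check for the DNS spoofing discussed in this thread, added here as an example and not part of any post: it flags DNS answers in which a public hostname resolves to a private address such as the 172.16.42.1 mentioned above, or in which several unrelated names share one address. The log format, the internal-zone suffixes and the threshold are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: "<client> <queried name> <answer IP>" per line.
SAMPLE_LOG = """\
172.16.42.101 example.com 93.184.216.119
172.16.42.101 real.com 172.16.42.1
172.16.42.101 news.example.org 172.16.42.1
172.16.42.101 shop.example.net 172.16.42.1
172.16.42.102 printer.lan 192.168.1.20
172.16.42.102 mail.example.org 198.51.100.7
"""

# RFC 1918 and loopback ranges, listed explicitly.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")  # assumed internal zones
SHARED_IP_THRESHOLD = 3  # assumed: distinct names on one IP before flagging


def parse(log):
    """Yield (client, name, ip) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue
        yield parts[0], parts[1].lower().rstrip("."), ip


def suspicious_answers(log):
    """Return {name: reason} for answers that look spoofed."""
    findings = {}
    names_by_ip = defaultdict(set)
    for _client, name, ip in parse(log):
        names_by_ip[ip].add(name)
        # A public hostname should not resolve into private address space.
        if not name.endswith(LOCAL_SUFFIXES) and any(ip in n for n in PRIVATE_NETS):
            findings[name] = f"public name answered with private address {ip}"
    for ip, names in names_by_ip.items():
        # Unrelated names collapsing onto one address is a second signal.
        if len(names) >= SHARED_IP_THRESHOLD:
            for name in names:
                findings.setdefault(name, f"{len(names)} names share {ip}")
    return findings


if __name__ == "__main__":
    for name, reason in sorted(suspicious_answers(SAMPLE_LOG).items()):
        print(f"{name}: {reason}")
```

This inspects DNS answers only, so redirection done at the IP layer, as described in the post above, would not appear in its output.
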
King_Hrothgar Posted July 23, 2014

> @King_Hrothgar and what about sites with ssl protocol? Can you spoof webs like Gmail, Hotmail, Twitter...? I'm asking you because I can't spoof sites with ssl except Facebook.

Pay close attention to what the browser actually looks up when you try to spoof a site. If you're using Firefox or Chrome, I promise you it's sticking in https regardless of what you enter into the address bar if you are going to a common site (Twitter, YouTube and so on). Assuming the browser hasn't cached the IP already, this often results in simply blocking the website.

DNSspoof is primarily effective against outdated browsers or when spoofing less common sites, like this one. If you are looking for a more reliable spoofing method, I suspect Darren's method would be very effective though I've never tried it.

Sebkinne Posted July 23, 2014

Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.

More info on this when it's ready!

Best Regards,
Sebkinne

m40295 Posted July 23, 2014

seb you tease, is it defcon time yet .... c'mon August

factgasm Posted July 24, 2014

> Yeah, the proxy we are releasing soon as part of the WiFi Pineapple firmware will be able to see the domain requested and can spoof / intercept / inject code into the response.
>
> More info on this when it's ready!
>
> Best Regards,
> Sebkinne

This sounds very encouraging.

factgasm Posted July 24, 2014

> . . . . or when spoofing less common sites, like this one.

I prefer to think of Hak5 Forums as being "more select" than "less common".