forstbyte Posted July 31, 2014 Share Posted July 31, 2014 Hello , i am currently working on MITM attacks and i am trying to redirect websites to my computer through dnsspoof and the problem is that ,although it is picking up traffic and i can see it registers all sites the victim is visiting , it is still letting the victim connect to the website instead of redirecting it to me. Here is a my procedure: -firstly i created a mon0 interface form wlan0 wireless card -i started up my access point [ airbase-ng --essid mitm -c 11 mon0 ] -then i created a bridge between at0 and eth0 : brctl addbr mitm-bridge brctl addif mitm-bridge eth0 brctl addif mitm-bridge at0 ifconfig eth0 0.0.0.0 up ifconfig at0 0.0.0.0 up -then i went into [ ifconfig ] to see my ip ( lets say it is 150.150.1.1 ) and did : ifconfig mitm-bridge 150.150.1.1 up -so now my machine and the bridge have the same ip -then i did ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward -i connected the victim to the airbase-ng and everything was fine .The traffic was going through and there was no problem. -then i did: dnsspoof -i mitm-bridge -it started and when i went to google.com on the victim machine it didnt reroute it.It just went to google.com -when it connected to google.com it showed : 192.168.1.13 .<some random 5 digit number> > 192.186.1.1.53 A? google.com -from where i was getting my information about dnsspoof it showed that instead of the 192.168.1.13 ( the ip of the victim device ) should be 150.150.1.1 ( attacking device ) and it was stated that the connection would be refused but it wasnt! Please help me! I am trying to figure this out for a week now... Good day! Quote Link to comment Share on other sites More sharing options...
shootout Posted August 6, 2014 Share Posted August 6, 2014 I am having the same problem man. I didnt bridge anything. I go arpsoof and its working . Then ip_forward and its all ok . But then i do sudo dnsspoof -i wlan0 -f myresolver.txt which is the file i have all the redirections. 192.168.0.11.7020 > 217.16.112.21.53: 63814+ A? www.youtube.com 192.168.0.11.7020 > 217.16.112.21.53: 63814+ A? www.youtube.com this is what i get and nothing happens it just goes to youtube. Why is this happening i am doing everything . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.