DNSSpoof on Mark V doesn't work

[GarrettVD]

I'll preface this by saying yes, I have searched the forums in-depth for a working solution. The DNSSpoof functionality on my factory-flashed v1.4.1 firmware Mark V simple does not function

I've configured the Mark V to host an access point on wlan0, to which I've connected with my iPhone. My Mark V is connected to my machine running Kali Linux via an ethernet cable. The Mark V has internet access provided via the wwan0 Sierra Wireless LTE modem on host maching (not the Pineapple as there don't appear to be supporting drivers). The clients of my AP on wlan0 have complete internet access this way, and I am able to browse just fine through my iPhone.

But the DNSSpoof configuration simply doesn't work out-of-the-box.

I've searched the /etc/pineapple/spoofhost and there are no extraneous ^M characters, as suggested in other threads.

I've executed the dnsspoof command directly as suggested by Darren. When attempting to browse to facebook.com, the output is as follows.

root@Pineapple:/www# dnsspoof -i br-lan -f /etc/pineapple/spoofhost
dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]
172.16.42.144.57622 > 172.16.42.1.53: 1791+ A? star.c10r.facebook.com
172.16.42.144.49996 > 172.16.42.1.53: 62932+ A? channel-proxy-07-ash2.facebook.com
172.16.42.144.61799 > 172.16.42.1.53: 26997+ A? webdav.facebook.com

ifconfig output from the Pineapple, configured with my AP on wlan0:

br-lan Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21746 errors:0 dropped:8 overruns:0 frame:0
TX packets:9669 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6718537 (6.4 MiB) TX bytes:3575839 (3.4 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16654 errors:0 dropped:8 overruns:0 frame:0
TX packets:15500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7020808 (6.6 MiB) TX bytes:4583345 (4.3 MiB)
Interrupt:4

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1454 errors:0 dropped:0 overruns:0 frame:0
TX packets:1454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:106768 (104.2 KiB) TX bytes:106768 (104.2 KiB)

wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7070 errors:0 dropped:0 overruns:0 frame:0
TX packets:7064 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1203614 (1.1 MiB) TX bytes:4837933 (4.6 MiB)

My /etc/pineapple/spoofhost file:

172.16.42.1 *.facebook.com

172.16.42.1 facebook.com

After much mucking-around, I've settled on this for the /www/redirect.php file contents:

<?php
$ref = $_SERVER['HTTP_REFERER'];
if (strpos($ref, "facebook")){ header('Location: facebook.html'); }
require('index.html');
?>

iPhone Wi-Fi settings once connected are as follows:

IP: 172.16.42.144

Subnet Mask: 255.255.255.0

Router: 172.16.42.1

DNS: 172.16.42.1

Search Domains: lan

I just have no idea why this doesn't work.

Edited August 7, 2014 by GarrettVD

[GarrettVD]

I ended up just modifying the iptables manually.

iptables -t nat -A PREROUTING -i br-lan -p tcp -d foo.com -j DNAT --to 172.16.42.1
echo 1 > /proc/sys/net/ipv4/ip_forward

[Darren Kitchen]

What settings do you have in /etc/config/dhcp?

Have you tested this on any device other than the iPhone?

Have you tested on a site for which the device does not have cached, like lalalalalalalalalalalala.com

Have you tested on a non-ssl site?