Jump to content

DNSSpoof on Mark V doesn't work


GarrettVD

Recommended Posts

I'll preface this by saying yes, I have searched the forums in-depth for a working solution. The DNSSpoof functionality on my factory-flashed v1.4.1 firmware Mark V simple does not function

I've configured the Mark V to host an access point on wlan0, to which I've connected with my iPhone. My Mark V is connected to my machine running Kali Linux via an ethernet cable. The Mark V has internet access provided via the wwan0 Sierra Wireless LTE modem on host maching (not the Pineapple as there don't appear to be supporting drivers). The clients of my AP on wlan0 have complete internet access this way, and I am able to browse just fine through my iPhone.

But the DNSSpoof configuration simply doesn't work out-of-the-box.

I've searched the /etc/pineapple/spoofhost and there are no extraneous ^M characters, as suggested in other threads.

I've executed the dnsspoof command directly as suggested by Darren. When attempting to browse to facebook.com, the output is as follows.

root@Pineapple:/www# dnsspoof -i br-lan -f /etc/pineapple/spoofhost
dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]
172.16.42.144.57622 > 172.16.42.1.53: 1791+ A? star.c10r.facebook.com
172.16.42.144.49996 > 172.16.42.1.53: 62932+ A? channel-proxy-07-ash2.facebook.com
172.16.42.144.61799 > 172.16.42.1.53: 26997+ A? webdav.facebook.com

ifconfig output from the Pineapple, configured with my AP on wlan0:

br-lan Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21746 errors:0 dropped:8 overruns:0 frame:0
TX packets:9669 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6718537 (6.4 MiB) TX bytes:3575839 (3.4 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16654 errors:0 dropped:8 overruns:0 frame:0
TX packets:15500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7020808 (6.6 MiB) TX bytes:4583345 (4.3 MiB)
Interrupt:4

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1454 errors:0 dropped:0 overruns:0 frame:0
TX packets:1454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:106768 (104.2 KiB) TX bytes:106768 (104.2 KiB)

wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7070 errors:0 dropped:0 overruns:0 frame:0
TX packets:7064 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1203614 (1.1 MiB) TX bytes:4837933 (4.6 MiB)

My /etc/pineapple/spoofhost file:

172.16.42.1 *.facebook.com

172.16.42.1 facebook.com

After much mucking-around, I've settled on this for the /www/redirect.php file contents:

<?php
$ref = $_SERVER['HTTP_REFERER'];
if (strpos($ref, "facebook")){ header('Location: facebook.html'); }
require('index.html');
?>

iPhone Wi-Fi settings once connected are as follows:

IP: 172.16.42.144

Subnet Mask: 255.255.255.0

Router: 172.16.42.1

DNS: 172.16.42.1

Search Domains: lan

I just have no idea why this doesn't work.

Edited by GarrettVD
Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...