GarrettVD Posted August 7, 2014 Share Posted August 7, 2014 (edited) I'll preface this by saying yes, I have searched the forums in-depth for a working solution. The DNSSpoof functionality on my factory-flashed v1.4.1 firmware Mark V simple does not function I've configured the Mark V to host an access point on wlan0, to which I've connected with my iPhone. My Mark V is connected to my machine running Kali Linux via an ethernet cable. The Mark V has internet access provided via the wwan0 Sierra Wireless LTE modem on host maching (not the Pineapple as there don't appear to be supporting drivers). The clients of my AP on wlan0 have complete internet access this way, and I am able to browse just fine through my iPhone. But the DNSSpoof configuration simply doesn't work out-of-the-box. I've searched the /etc/pineapple/spoofhost and there are no extraneous ^M characters, as suggested in other threads. I've executed the dnsspoof command directly as suggested by Darren. When attempting to browse to facebook.com, the output is as follows. root@Pineapple:/www# dnsspoof -i br-lan -f /etc/pineapple/spoofhostdnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]172.16.42.144.57622 > 172.16.42.1.53: 1791+ A? star.c10r.facebook.com172.16.42.144.49996 > 172.16.42.1.53: 62932+ A? channel-proxy-07-ash2.facebook.com172.16.42.144.61799 > 172.16.42.1.53: 26997+ A? webdav.facebook.com ifconfig output from the Pineapple, configured with my AP on wlan0: br-lan Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C inet addr:172.16.42.1 Bcast:172.16.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21746 errors:0 dropped:8 overruns:0 frame:0 TX packets:9669 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:6718537 (6.4 MiB) TX bytes:3575839 (3.4 MiB)eth0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16654 errors:0 dropped:8 overruns:0 frame:0 TX packets:15500 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7020808 (6.6 MiB) TX bytes:4583345 (4.3 MiB) Interrupt:4lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1454 errors:0 dropped:0 overruns:0 frame:0 TX packets:1454 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:106768 (104.2 KiB) TX bytes:106768 (104.2 KiB)wlan0 Link encap:Ethernet HWaddr 00:13:37:A5:2F:4C UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7070 errors:0 dropped:0 overruns:0 frame:0 TX packets:7064 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1203614 (1.1 MiB) TX bytes:4837933 (4.6 MiB) My /etc/pineapple/spoofhost file: 172.16.42.1 *.facebook.com 172.16.42.1 facebook.com After much mucking-around, I've settled on this for the /www/redirect.php file contents: <?php$ref = $_SERVER['HTTP_REFERER'];if (strpos($ref, "facebook")){ header('Location: facebook.html'); }require('index.html');?> iPhone Wi-Fi settings once connected are as follows: IP: 172.16.42.144 Subnet Mask: 255.255.255.0 Router: 172.16.42.1 DNS: 172.16.42.1 Search Domains: lan I just have no idea why this doesn't work. Edited August 7, 2014 by GarrettVD Quote Link to comment Share on other sites More sharing options...
GarrettVD Posted August 18, 2014 Author Share Posted August 18, 2014 I ended up just modifying the iptables manually. iptables -t nat -A PREROUTING -i br-lan -p tcp -d foo.com -j DNAT --to 172.16.42.1echo 1 > /proc/sys/net/ipv4/ip_forward Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted August 18, 2014 Share Posted August 18, 2014 What settings do you have in /etc/config/dhcp? Have you tested this on any device other than the iPhone? Have you tested on a site for which the device does not have cached, like lalalalalalalalalalalala.com Have you tested on a non-ssl site? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.