Jump to content

Simple AP with dnsspoof not spoofing dns


TheNightAwk

Recommended Posts

Hi,

I'm trying to set up the Pineapple (firmware 2.0.3) as an access point (no Karma at all, just a single SSID) and display a simple page when wireless clients look for some specific websites.

This sounds pretty easy to do. I first have to make the Pineapple connect to an access point with wlan1 to route all the traffic. Then use dnsspoof and make a few host entries (eg: 172.16.42.1 website.com) for the websites I want clients to be redirected to and finally, modifying redirect.php to what I want to display.

The routing/forwarding part works, it's a bit slow but it works (I guess due to the forwarding to another AP). However, I can't get dnsspoof to work. When I do dns lookup for one of the domains from a connected client, I get the legitimate IP address and not the IP address I entered in dnsspoof. It worked at some point but all I got was a page that kept trying to load (like when you try to reach the pineapple on port 80; even though I changed the index to go to redirect.php) but it stopped working as soon as I rebooted the pineapple.

I also tried removing the infusions and reinstalling them, reflashing the pineapple, removing all unnecessary infusions but it is still not working.

Am I doing anything wrong? Or is that scenario not doable on the pineapple?

Link to comment
Share on other sites

I've noticed if you install infusions that are part of the new firmware separately (dnsspoof standalone or karma standalone) as opposed to using them with the built in tiles, things start breaking.

Did you install the DNSSpoof infusion on top of the one that already exists? If so, I'd remove that one or reflash.

Link to comment
Share on other sites

It kinda works. dnsspoof infusion was conflicting as you said.

When I do a nslookup on one of the websites in the hosts list, I get the IP of the pineapple. When giving that IP address in a browser, I get my crafted page. However, when I want to reach one of the spoofed domains, I get the legitimate website. It should have served the page I crafted instead.

By analyzing the traffic, I can see the traffic from the browser goes to the pineapple IP address as expected (and not the legitimate website's IP address) and ask for the the spoofed domain. So, the pineapple is acting as a proxy for some reason (if it was a gateway, I could see the traffic going to the legitimate IP. In this case, it goes to the pineapple's IP address).

Any idea how I can make the pineapple serve the page I crafted for the spoofed domains instead of acting as a proxy?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...