AXANO Posted November 23, 2015 Share Posted November 23, 2015 So here are the factsi am working with kali sana trying to spoof dns with ethercap1.internal network2.I can spoof dns ===> when pinging facebook.com from victim machine i get my internal IP (192.168.1.6)3.but when i try to browse with edge, chrome to facebook.com it says no connection4.when i spoof a different url i get the index page of the server of the attacker5.tried to spoof dns on xp and on windows 10 same resultshow can i solve this problem and what is the causeThank you in advance Quote Link to comment Share on other sites More sharing options...
digininja Posted November 23, 2015 Share Posted November 23, 2015 It's probably to do with HSTS and certificate pinning, basically Chrome is clever enough to work out that you are trying to mess with the site and so blocks access. You don't say which other sites you try but you'll probably get the same result from Google and any other big site which usually only runs over HTTPS. Quote Link to comment Share on other sites More sharing options...
AXANO Posted November 24, 2015 Author Share Posted November 24, 2015 Thank you for your reply after some research that took a while i found the same results Ive tried to spoof google.com with succes but the search site which is indeed https but doesnt have any log in fields. Question: will it e possible to spoof facebook.com if i configure my server (apache2) to respond as HTTPS???? Quote Link to comment Share on other sites More sharing options...
digininja Posted November 24, 2015 Share Posted November 24, 2015 Are you saying it worked for Google or not? Running a HTTPS based site might work, it depends on certificate pinning. That is a way that a company tells the browser what certificate to expect for their site and if it gets anything different it will give an error. Quote Link to comment Share on other sites More sharing options...
AXANO Posted November 24, 2015 Author Share Posted November 24, 2015 Yes it worked indeed for google.com I will try to configure my server with https and i will inform you with the results here on this post Thank you very much for your time!!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.