[Official] DNSspoof

[fred_do]

dnsspoof may not work in all cases. I'm looking at doing the same with dnsmasq and will work on a module for that.

tes for the reply , but could you explain how it is function after you have intercepted the domain ? ( this part is running perfectly) . so maybe can help

[jm0202]

Is this module working?

Whenever I try to do a dns spoof using the br-lan interface it never gets redirected to the web server in my nano...

[jm0202]

Does anyone have a working example of dns spoof with an android device?

[Winchester]

Anyone else having issues with DNSSpoof?

I set up my hosts to

172.16.42.1 *

Then enable DNSSpoof, connect to my nano network with mobile phones... Neither will get redirected to the nano's index.php page.

Anyone else encountering this?

so am i

[Winchester]

dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]

not 80 port?

[Whistle Master]

dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]

not 80 port?

Nope. DNS is on port 53.

[bags_777]

can anyone post a quick guide on using dnsspoof in wifipineapple nano? i tried running dnsspoof on br-lan and lo but still the client does not get redirected to the pineappple. thanks.

[Winchester]

i have the same prob

On my nano, it installs fine. But when trying to spoof a domain, the device does not get spoofed. Still shows the actual domain that is being spoofed.

[Whistle Master]

dnsspoof may not work in all cases. I'm looking at doing the same with dnsmasq and will work on a module for that.

The new module based on DNSMasq is available.

[rpcodes]

Feeling a little lost here. Waiting for Pineapple to reboot, as even trying DWall isn't showing results. It has worked in the past. But what I want to do, is send example.com requests to the pineapple via DNS Spoof.

What I did was install DNSSpoof, its dependencies, then tried Start. Then I visited example.com from a connected android device, and didn't get to pineapple.

So, since I am a little unsure about what some of these interfaces are, and I don't see any explanation on Universisty / wiki, I just tried this on each interface:

1. Change interface in menu

2. Press start

3. If no error, try to go to example.com on Android

My results were mostly errors, and not once did I see what I expected (pineapple's hello world example page)

wlan0 - I am assuming this is what clients are connected to when using Karma

dnsspoof: wlan0: no IPv4 address assigned

dnsspoof: couldn't initialize sniffing

wlan0-1 - not sure if this is what clients also connect to, or if admin portal

dnsspoof: wlan0-1: no IPv4 address assigned

dnsspoof: couldn't initialize sniffing

eth0 - okay, the ethernet port - I have nothing connected here

dnsspoof: eth0: no IPv4 address assigned

dnsspoof: couldn't initialize sniffing

eth1: Only one ethernet port, so not sure if this might be the unused USB?

dnsspoof: eth1: no IPv4 address assigned

dnsspoof: couldn't initialize sniffing

wlan1mon - what is this?

dnsspoof: unknown physical layer type 0x323

lo: tried using a connected android (v5.0) client visiting example.com goes to real site

dnsspoof: listening on lo [udp dst port 53 and not src 127.0.0.1]

br-lan: again not sure what this is, assuming it is connection to my linux box

dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]

My config in the Module:

172.16.42.1 example.com

So dual question, I suppose:

What exactly are the interfaces listed, can someone correct me on these? Did I miss an obvious explanation on wiki maybe?

And also, can I find more information on setting up the DNS Spoof module? Im comfortable with SSH but not sure where to go to investigate DNS spoof related issues.

[rpcodes]

Maybe DNS Spoof module is dead and replaced by DNS Masq module? https://forums.hak5.org/index.php?/topic/37893-dnsmasq-spoof/

Is there a list of known working configurations, in other words, should I be configuring something via SSH and not the web console? For either DNS spoof or masq

[Whistle Master]

Nothing is dead the fact is, it depends on a lot of parameters, and may not work in all situations.

[Captain]

I can confirm that nothing is dead just as Whistle Master stated. I think DNSSPOOF is falling victim to a range of variable.

For some reason, the functionality is a bit like flipping  a coin as to whether it "works" or not. That "works" is qualified, as there are about 100 variables that seem to come into play. The biggest variables for me are: 1, the clients web browser \ device settings. 2, the interface the traffic is coming in on

I am new here, but mad props to Whistle Master on all his hard work!

Here is a quick run down on how I was able to get mine to work: 1. Setup your hosts list (I also added "172.16.42.1:1471 172.16.42.1:1471" to ensure I wouldn't get rerouted when coming into the management port (I dont think this is necessary, but I was just playing it safe)  2. run your DNSSPOOF session against br-lan (assuming you want to route all traffic that is passed). 3. either use the landing page section to create a page, or upload a custom payload to /www 4. Test your landing page by browsing to 172.16.42.1 to ensure your pineapple is serving up something that is in existence. 5. Ensure your pineapple is not serving internet (typically over WAN2) - for some reason, I have never been able to get DNSSPOOF to work if you are also serving internet.

If you are having issues with it, try bouncing DNSSPOOF by enabling and disabling. Also, rebooting the pineapple seems to help as well.

By no means is this anything new by way of information, but this is just my quick discoveries in messing with it for a few days.

 

 

[Forkish]

Thank you captain for an example of what works.  I would love to see some more examples of what works written up on this and other modules. If I can deconstruct working examples, it allows me to understand how tweaking options relate to one another.  

Would somone write up some examples with their required parameters that allow for this module to work in some fashion or another?

[Diogo Repas]

My DNSspoof module is not working correctly...

Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed.

After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening?

 

Thank you for your time,

DRepas

 

dnsspoof-slow_response.pcap

[Mother]

So are the 2 modules even worth using. I have no luck in getting either module to work. Any thoughts?

 

[RChadwick]

Silly question, but can DNSSpoof be run from command line? I wanted to make an Evil Portal that would automatically activate DSNSpoof, hoping I can do it from PHP. Thanks!

[Just_a_User]

3 hours ago, RChadwick said:

Silly question, but can DNSSpoof be run from command line? I wanted to make an Evil Portal that would automatically activate DSNSpoof, hoping I can do it from PHP. Thanks!

Think so,

/usr/sbin# ./dnsspoof -h
Version: 2.4
Usage: dnsspoof [-i interface] [-f hostsfile] [expression]

[TimberSweet]

This might be a bone noob question but is it possible to have multiple landing pages for multiple hosts?

I want to use DNSSpoof in an organisation and harvest the credentials from a number of landing pages - can this be done or does the index.php file on the main landing page have to handle this?

TIA

TS

[khanbari]

Dnsspoof never worked for me. 

The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. 

I want to serve Internet to the client and only want to spoof selected dns. 

Did anyone managed to get this working? 

I'm using nano. 

[esa]

3 hours ago, khanbari said:

Dnsspoof never worked for me. 

The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. 

I want to serve Internet to the client and only want to spoof selected dns. 

Did anyone managed to get this working? 

I'm using nano. 

Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post.

Quote

My DNSspoof module is not working correctly...

Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed.

After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening?

I have also confirmed this issue of slow dns response. 

[khanbari]

27 minutes ago, esadako said:

Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post.

I have also confirmed this issue of slow dns response. 

Hi 

Thanks for the response. I'm glad to be part of such a team. 

I'm using both the spoof modules and it doesn't seems to work. Is it just me? 

Tested the below dns which does not exist and the browser lands me to page not found. 

http://hak333333e.com

I'm mapping 172.16.42.1 *. *

[esa]

20 hours ago, khanbari said:

Hi 

Thanks for the response. I'm glad to be part of such a team. 

I'm using both the spoof modules and it doesn't seems to work. Is it just me? 

Tested the below dns which does not exist and the browser lands me to page not found. 

http://hak333333e.com

I'm mapping 172.16.42.1 *. *

 

On DNSMasq, modify the host file as such

172.16.42.1 example.com www.example.com mail.example.com
172.16.42.1 *

modify the landing as such

<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?> 
 </body>
</html>

1) Connect your device to a AP generated by Pineapple

2) Ensure that your device has internet after connecting to the Pineapple AP

3) Start DNSMasq Spoof.

4) Close all browsers/delete cache

5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works

a) you see a Hello World on the browser

b) The browser refuses to connect due to HSTS

[khanbari]

5 hours ago, esadako said:

 

On DNSMasq, modify the host file as such

172.16.42.1 example.com www.example.com mail.example.com
172.16.42.1 *

modify the landing as such

<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?> 
 </body>
</html>

1) Connect your device to a AP generated by Pineapple

2) Ensure that your device has internet after connecting to the Pineapple AP

3) Start DNSMasq Spoof.

4) Close all browsers/delete cache

5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works

a) you see a Hello World on the browser

b) The browser refuses to connect due to HSTS

Thanks for the response. 

I'm still with no success. 

Used the same steps as mentioned. 

Only example.com seems to work but the wild card doesn't. 

[esa]

7 hours ago, khanbari said:

Thanks for the response. 

I'm still with no success. 

Used the same steps as mentioned. 

Only example.com seems to work but the wild card doesn't. 

Okay try using this