fred_do Posted March 8, 2016 Share Posted March 8, 2016 dnsspoof may not work in all cases. I'm looking at doing the same with dnsmasq and will work on a module for that. tes for the reply , but could you explain how it is function after you have intercepted the domain ? ( this part is running perfectly) . so maybe can help Quote Link to comment Share on other sites More sharing options...
jm0202 Posted March 11, 2016 Share Posted March 11, 2016 Is this module working? Whenever I try to do a dns spoof using the br-lan interface it never gets redirected to the web server in my nano... 1 Quote Link to comment Share on other sites More sharing options...
jm0202 Posted March 13, 2016 Share Posted March 13, 2016 Does anyone have a working example of dns spoof with an android device? Quote Link to comment Share on other sites More sharing options...
Winchester Posted March 17, 2016 Share Posted March 17, 2016 Anyone else having issues with DNSSpoof? I set up my hosts to 172.16.42.1 * Then enable DNSSpoof, connect to my nano network with mobile phones... Neither will get redirected to the nano's index.php page. Anyone else encountering this? so am i Quote Link to comment Share on other sites More sharing options...
Winchester Posted March 17, 2016 Share Posted March 17, 2016 dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1] not 80 port? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted March 18, 2016 Author Share Posted March 18, 2016 dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1] not 80 port? Nope. DNS is on port 53. Quote Link to comment Share on other sites More sharing options...
bags_777 Posted March 19, 2016 Share Posted March 19, 2016 can anyone post a quick guide on using dnsspoof in wifipineapple nano? i tried running dnsspoof on br-lan and lo but still the client does not get redirected to the pineappple. thanks. Quote Link to comment Share on other sites More sharing options...
Winchester Posted March 20, 2016 Share Posted March 20, 2016 i have the same prob On my nano, it installs fine. But when trying to spoof a domain, the device does not get spoofed. Still shows the actual domain that is being spoofed. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted March 25, 2016 Author Share Posted March 25, 2016 dnsspoof may not work in all cases. I'm looking at doing the same with dnsmasq and will work on a module for that. The new module based on DNSMasq is available. Quote Link to comment Share on other sites More sharing options...
rpcodes Posted May 12, 2016 Share Posted May 12, 2016 Feeling a little lost here. Waiting for Pineapple to reboot, as even trying DWall isn't showing results. It has worked in the past. But what I want to do, is send example.com requests to the pineapple via DNS Spoof. What I did was install DNSSpoof, its dependencies, then tried Start. Then I visited example.com from a connected android device, and didn't get to pineapple. So, since I am a little unsure about what some of these interfaces are, and I don't see any explanation on Universisty / wiki, I just tried this on each interface: 1. Change interface in menu 2. Press start 3. If no error, try to go to example.com on Android My results were mostly errors, and not once did I see what I expected (pineapple's hello world example page) wlan0 - I am assuming this is what clients are connected to when using Karma dnsspoof: wlan0: no IPv4 address assigned dnsspoof: couldn't initialize sniffing wlan0-1 - not sure if this is what clients also connect to, or if admin portal dnsspoof: wlan0-1: no IPv4 address assigned dnsspoof: couldn't initialize sniffing eth0 - okay, the ethernet port - I have nothing connected here dnsspoof: eth0: no IPv4 address assigned dnsspoof: couldn't initialize sniffing eth1: Only one ethernet port, so not sure if this might be the unused USB? dnsspoof: eth1: no IPv4 address assigned dnsspoof: couldn't initialize sniffing wlan1mon - what is this? dnsspoof: unknown physical layer type 0x323 lo: tried using a connected android (v5.0) client visiting example.com goes to real site dnsspoof: listening on lo [udp dst port 53 and not src 127.0.0.1] br-lan: again not sure what this is, assuming it is connection to my linux box dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1] My config in the Module: 172.16.42.1 example.com So dual question, I suppose: What exactly are the interfaces listed, can someone correct me on these? Did I miss an obvious explanation on wiki maybe? And also, can I find more information on setting up the DNS Spoof module? Im comfortable with SSH but not sure where to go to investigate DNS spoof related issues. Quote Link to comment Share on other sites More sharing options...
rpcodes Posted May 13, 2016 Share Posted May 13, 2016 Maybe DNS Spoof module is dead and replaced by DNS Masq module? https://forums.hak5.org/index.php?/topic/37893-dnsmasq-spoof/ Is there a list of known working configurations, in other words, should I be configuring something via SSH and not the web console? For either DNS spoof or masq Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 13, 2016 Author Share Posted May 13, 2016 Nothing is dead the fact is, it depends on a lot of parameters, and may not work in all situations. Quote Link to comment Share on other sites More sharing options...
Captain Posted May 31, 2016 Share Posted May 31, 2016 I can confirm that nothing is dead just as Whistle Master stated. I think DNSSPOOF is falling victim to a range of variable. For some reason, the functionality is a bit like flipping a coin as to whether it "works" or not. That "works" is qualified, as there are about 100 variables that seem to come into play. The biggest variables for me are: 1, the clients web browser \ device settings. 2, the interface the traffic is coming in on I am new here, but mad props to Whistle Master on all his hard work! Here is a quick run down on how I was able to get mine to work: 1. Setup your hosts list (I also added "172.16.42.1:1471 172.16.42.1:1471" to ensure I wouldn't get rerouted when coming into the management port (I dont think this is necessary, but I was just playing it safe) 2. run your DNSSPOOF session against br-lan (assuming you want to route all traffic that is passed). 3. either use the landing page section to create a page, or upload a custom payload to /www 4. Test your landing page by browsing to 172.16.42.1 to ensure your pineapple is serving up something that is in existence. 5. Ensure your pineapple is not serving internet (typically over WAN2) - for some reason, I have never been able to get DNSSPOOF to work if you are also serving internet. If you are having issues with it, try bouncing DNSSPOOF by enabling and disabling. Also, rebooting the pineapple seems to help as well. By no means is this anything new by way of information, but this is just my quick discoveries in messing with it for a few days.   1 Quote Link to comment Share on other sites More sharing options...
Forkish Posted May 31, 2016 Share Posted May 31, 2016 Thank you captain for an example of what works. Â I would love to see some more examples of what works written up on this and other modules. If I can deconstruct working examples, it allows me to understand how tweaking options relate to one another. Â Would somone write up some examples with their required parameters that allow for this module to work in some fashion or another? Quote Link to comment Share on other sites More sharing options...
Diogo Repas Posted July 25, 2016 Share Posted July 25, 2016 My DNSspoof module is not working correctly... Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed. After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening?  Thank you for your time, DRepas  dnsspoof-slow_response.pcap 1 Quote Link to comment Share on other sites More sharing options...
Mother Posted September 15, 2016 Share Posted September 15, 2016 So are the 2 modules even worth using. I have no luck in getting either module to work. Any thoughts? Â Quote Link to comment Share on other sites More sharing options...
RChadwick Posted September 21, 2016 Share Posted September 21, 2016 Silly question, but can DNSSpoof be run from command line? I wanted to make an Evil Portal that would automatically activate DSNSpoof, hoping I can do it from PHP. Thanks! Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted September 21, 2016 Share Posted September 21, 2016 (edited) 3 hours ago, RChadwick said: Silly question, but can DNSSpoof be run from command line? I wanted to make an Evil Portal that would automatically activate DSNSpoof, hoping I can do it from PHP. Thanks! Think so, /usr/sbin# ./dnsspoof -h Version: 2.4 Usage: dnsspoof [-i interface] [-f hostsfile] [expression] Edited September 21, 2016 by Just_a_User Quote Link to comment Share on other sites More sharing options...
TimberSweet Posted November 13, 2016 Share Posted November 13, 2016 This might be a bone noob question but is it possible to have multiple landing pages for multiple hosts? I want to use DNSSpoof in an organisation and harvest the credentials from a number of landing pages - can this be done or does the index.php file on the main landing page have to handle this? TIA TS Quote Link to comment Share on other sites More sharing options...
khanbari Posted April 19, 2017 Share Posted April 19, 2017 (edited) Dnsspoof never worked for me. The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. I want to serve Internet to the client and only want to spoof selected dns. Did anyone managed to get this working? I'm using nano. Edited April 19, 2017 by khanbari Quote Link to comment Share on other sites More sharing options...
esa Posted April 19, 2017 Share Posted April 19, 2017 3 hours ago, khanbari said: Dnsspoof never worked for me. The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. I want to serve Internet to the client and only want to spoof selected dns. Did anyone managed to get this working? I'm using nano. Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post. Quote My DNSspoof module is not working correctly... Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed. After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening? I have also confirmed this issue of slow dns response. Quote Link to comment Share on other sites More sharing options...
khanbari Posted April 19, 2017 Share Posted April 19, 2017 27 minutes ago, esadako said: Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post. I have also confirmed this issue of slow dns response. Hi Thanks for the response. I'm glad to be part of such a team. I'm using both the spoof modules and it doesn't seems to work. Is it just me? Tested the below dns which does not exist and the browser lands me to page not found. http://hak333333e.com I'm mapping 172.16.42.1 *. * Quote Link to comment Share on other sites More sharing options...
esa Posted April 20, 2017 Share Posted April 20, 2017 20 hours ago, khanbari said: Hi Thanks for the response. I'm glad to be part of such a team. I'm using both the spoof modules and it doesn't seems to work. Is it just me? Tested the below dns which does not exist and the browser lands me to page not found. http://hak333333e.com I'm mapping 172.16.42.1 *. *  On DNSMasq, modify the host file as such 172.16.42.1 example.com www.example.com mail.example.com 172.16.42.1 * modify the landing as such <html> <head> <title>PHP Test</title> </head> <body> <?php echo '<p>Hello World</p>'; ?> </body> </html> 1) Connect your device to a AP generated by Pineapple 2) Ensure that your device has internet after connecting to the Pineapple AP 3) Start DNSMasq Spoof. 4) Close all browsers/delete cache 5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works a) you see a Hello World on the browser b) The browser refuses to connect due to HSTS Quote Link to comment Share on other sites More sharing options...
khanbari Posted April 20, 2017 Share Posted April 20, 2017 5 hours ago, esadako said:  On DNSMasq, modify the host file as such 172.16.42.1 example.com www.example.com mail.example.com 172.16.42.1 * modify the landing as such <html> <head> <title>PHP Test</title> </head> <body> <?php echo '<p>Hello World</p>'; ?> </body> </html> 1) Connect your device to a AP generated by Pineapple 2) Ensure that your device has internet after connecting to the Pineapple AP 3) Start DNSMasq Spoof. 4) Close all browsers/delete cache 5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works a) you see a Hello World on the browser b) The browser refuses to connect due to HSTS Thanks for the response. I'm still with no success. Used the same steps as mentioned. Only example.com seems to work but the wild card doesn't. 1 Quote Link to comment Share on other sites More sharing options...
esa Posted April 21, 2017 Share Posted April 21, 2017 7 hours ago, khanbari said: Thanks for the response. I'm still with no success. Used the same steps as mentioned. Only example.com seems to work but the wild card doesn't. Okay try using this  Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.