Jump to content

[Official] DNSspoof


Whistle Master

Recommended Posts

dnsspoof may not work in all cases. I'm looking at doing the same with dnsmasq and will work on a module for that.

tes for the reply , but could you explain how it is function after you have intercepted the domain ? ( this part is running perfectly) . so maybe can help

Link to comment
Share on other sites

  • Replies 66
  • Created
  • Last Reply
  • 1 month later...

Feeling a little lost here. Waiting for Pineapple to reboot, as even trying DWall isn't showing results. It has worked in the past. But what I want to do, is send example.com requests to the pineapple via DNS Spoof.

What I did was install DNSSpoof, its dependencies, then tried Start. Then I visited example.com from a connected android device, and didn't get to pineapple.

So, since I am a little unsure about what some of these interfaces are, and I don't see any explanation on Universisty / wiki, I just tried this on each interface:

1. Change interface in menu

2. Press start

3. If no error, try to go to example.com on Android

My results were mostly errors, and not once did I see what I expected (pineapple's hello world example page)

wlan0 - I am assuming this is what clients are connected to when using Karma
dnsspoof: wlan0: no IPv4 address assigned
dnsspoof: couldn't initialize sniffing
wlan0-1 - not sure if this is what clients also connect to, or if admin portal
dnsspoof: wlan0-1: no IPv4 address assigned
dnsspoof: couldn't initialize sniffing
eth0 - okay, the ethernet port - I have nothing connected here
dnsspoof: eth0: no IPv4 address assigned
dnsspoof: couldn't initialize sniffing
eth1: Only one ethernet port, so not sure if this might be the unused USB?
dnsspoof: eth1: no IPv4 address assigned
dnsspoof: couldn't initialize sniffing
wlan1mon - what is this?
dnsspoof: unknown physical layer type 0x323
lo: tried using a connected android (v5.0) client visiting example.com goes to real site
dnsspoof: listening on lo [udp dst port 53 and not src 127.0.0.1]
br-lan: again not sure what this is, assuming it is connection to my linux box
dnsspoof: listening on br-lan [udp dst port 53 and not src 172.16.42.1]

My config in the Module:

172.16.42.1 example.com

So dual question, I suppose:

What exactly are the interfaces listed, can someone correct me on these? Did I miss an obvious explanation on wiki maybe?

And also, can I find more information on setting up the DNS Spoof module? Im comfortable with SSH but not sure where to go to investigate DNS spoof related issues.

Link to comment
Share on other sites

  • 3 weeks later...

I can confirm that nothing is dead just as Whistle Master stated. I think DNSSPOOF is falling victim to a range of variable.

For some reason, the functionality is a bit like flipping  a coin as to whether it "works" or not. That "works" is qualified, as there are about 100 variables that seem to come into play. The biggest variables for me are: 1, the clients web browser \ device settings. 2, the interface the traffic is coming in on

I am new here, but mad props to Whistle Master on all his hard work!

Here is a quick run down on how I was able to get mine to work: 1. Setup your hosts list (I also added "172.16.42.1:1471 172.16.42.1:1471" to ensure I wouldn't get rerouted when coming into the management port (I dont think this is necessary, but I was just playing it safe)  2. run your DNSSPOOF session against br-lan (assuming you want to route all traffic that is passed). 3. either use the landing page section to create a page, or upload a custom payload to /www 4. Test your landing page by browsing to 172.16.42.1 to ensure your pineapple is serving up something that is in existence. 5. Ensure your pineapple is not serving internet (typically over WAN2) - for some reason, I have never been able to get DNSSPOOF to work if you are also serving internet.

If you are having issues with it, try bouncing DNSSPOOF by enabling and disabling. Also, rebooting the pineapple seems to help as well.

By no means is this anything new by way of information, but this is just my quick discoveries in messing with it for a few days.

 

 

Link to comment
Share on other sites

Thank you captain for an example of what works.  I would love to see some more examples of what works written up on this and other modules. If I can deconstruct working examples, it allows me to understand how tweaking options relate to one another.  

Would somone write up some examples with their required parameters that allow for this module to work in some fashion or another?

Link to comment
Share on other sites

  • 1 month later...

My DNSspoof module is not working correctly...

Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed.

After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening?

 

Thank you for your time,

DRepas

 

dnsspoof-slow_response.pcap

Link to comment
Share on other sites

  • 1 month later...
  • Foxtrot locked, unlocked and locked this topic
3 hours ago, RChadwick said:

Silly question, but can DNSSpoof be run from command line? I wanted to make an Evil Portal that would automatically activate DSNSpoof, hoping I can do it from PHP. Thanks!

Think so,

/usr/sbin# ./dnsspoof -h
Version: 2.4
Usage: dnsspoof [-i interface] [-f hostsfile] [expression]
Link to comment
Share on other sites

  • 1 month later...

This might be a bone noob question but is it possible to have multiple landing pages for multiple hosts?

I want to use DNSSpoof in an organisation and harvest the credentials from a number of landing pages - can this be done or does the index.php file on the main landing page have to handle this?

TIA

TS

Link to comment
Share on other sites

  • 5 months later...

Dnsspoof never worked for me. 

The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. 

I want to serve Internet to the client and only want to spoof selected dns. 

Did anyone managed to get this working? 

I'm using nano. 

Link to comment
Share on other sites

3 hours ago, khanbari said:

Dnsspoof never worked for me. 

The point made in the trailing post about the  Internet offered should be disabled to make it work is just defeating the purpose of having the module in the first place. 

I want to serve Internet to the client and only want to spoof selected dns. 

Did anyone managed to get this working? 

I'm using nano. 

Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post.

Quote

My DNSspoof module is not working correctly...

Searching and testing made me realize that the problem is probably that dnsspoof is responding too slow to the DNS queries and the Google dns answers reach the client faster (as shown in the pcap below (ie. packets 9-13)), so the client's dns queries do not get spoofed.

After a ton of googling I've found a post referring to a bug in kali's dnsspoof (https://bugs.kali.org/view.php?id=2631) and they mentioned the problem was with libpcap... Is it possible that something related is happening?

I have also confirmed this issue of slow dns response. 

Link to comment
Share on other sites

27 minutes ago, esadako said:

Use DnsMasq. Dnsspoof is not working. please read Diogo Repas's post.

I have also confirmed this issue of slow dns response. 

Hi 

Thanks for the response. I'm glad to be part of such a team. 

I'm using both the spoof modules and it doesn't seems to work. Is it just me? 

Tested the below dns which does not exist and the browser lands me to page not found. 

http://hak333333e.com

I'm mapping 172.16.42.1 *. *

Link to comment
Share on other sites

20 hours ago, khanbari said:

Hi 

Thanks for the response. I'm glad to be part of such a team. 

I'm using both the spoof modules and it doesn't seems to work. Is it just me? 

Tested the below dns which does not exist and the browser lands me to page not found. 

http://hak333333e.com

I'm mapping 172.16.42.1 *. *

 

On DNSMasq, modify the host file as such

172.16.42.1 example.com www.example.com mail.example.com
172.16.42.1 *

modify the landing as such

<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?> 
 </body>
</html>

1) Connect your device to a AP generated by Pineapple

2) Ensure that your device has internet after connecting to the Pineapple AP

3) Start DNSMasq Spoof.

4) Close all browsers/delete cache

5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works

a) you see a Hello World on the browser

b) The browser refuses to connect due to HSTS

Link to comment
Share on other sites

5 hours ago, esadako said:

 

On DNSMasq, modify the host file as such


172.16.42.1 example.com www.example.com mail.example.com
172.16.42.1 *

modify the landing as such


<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?> 
 </body>
</html>

1) Connect your device to a AP generated by Pineapple

2) Ensure that your device has internet after connecting to the Pineapple AP

3) Start DNSMasq Spoof.

4) Close all browsers/delete cache

5) Surf to any website. Only 1 of 2 outcome if ur DNSMasq works

a) you see a Hello World on the browser

b) The browser refuses to connect due to HSTS

Thanks for the response. 

I'm still with no success. 

Used the same steps as mentioned. 

Only example.com seems to work but the wild card doesn't. 

Link to comment
Share on other sites

7 hours ago, khanbari said:

Thanks for the response. 

I'm still with no success. 

Used the same steps as mentioned. 

Only example.com seems to work but the wild card doesn't. 

Okay try using this

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...