Whistle Master (posted March 14, 2016):
Module: DNSMasq Spoof
Version: 1.0
Features:
- Manage dependencies
- Configure hosts file
- Live output

Sergeant Ducky (posted April 7, 2016):
Hi, I just installed this module, but it is also not working. I tested the default example, but nothing happens. P.S. I am a newbie, so you gotta be thorough with me.

Whistle Master (posted April 7, 2016, edited April 7, 2016):
Have you entered a list of domains to be redirected? In the correct format (DNSMasq format)?

8-bits (posted April 7, 2016):
Hello Whistle Master,
First of all, I really appreciate what you are doing here. I just want to report that it is also not working for me! It is not even showing output. The domain that I entered to be redirected is as follows:
172.16.42.1 *
I use "*" to redirect everything for now. I ran ps via SSH and it shows me the process running. Also, with DNSMasq you can tell it on which interface to run. I am here if you need any more details.

8-bits (posted April 7, 2016):
I mean can't tell it on which interface to run***

Whistle Master (posted April 7, 2016):
You cannot use wildcards (*) or regex within that file (e.g. you cannot say 172.16.42.1 *). You need to know the shorthand hostname or the FQDN of what you want to return a falsified DNS A record for. Example:
172.16.42.1 example.com www.example.com

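The hosts-file rules from the post above, turned into an audit check as an added example (not part of the original thread and not the module's code): it reads a hosts-format file, reports lines the format does not allow, such as the `*` wildcard, and flags public-looking names pinned to private addresses, which is what a falsified A record looks like on a resolver you administer. The function name `audit_hosts`, the `LOCAL_SUFFIXES` list and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of a hosts-format file (not taken from a real device).
SAMPLE_HOSTS = """\
# local names
127.0.0.1 localhost
192.168.1.10 printer printer.lan
172.16.42.1 example.com www.example.com
172.16.42.1 *
93.184.216.34 example.org
not-an-ip example.net
"""

# Assumption: suffixes treated as legitimately local on this network.
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa", ".internal")


def audit_hosts(text):
    """Return (line_no, severity, message) findings for a hosts-format file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "invalid", f"bad address {addr!r}"))
            continue
        if not names:
            findings.append((no, "invalid", "address with no hostname"))
            continue
        for name in names:
            if "*" in name:
                # Hosts format takes literal names only: no wildcards, no regex.
                findings.append((no, "invalid", f"wildcard {name!r} is not valid in a hosts file"))
            elif (ip.is_private and not ip.is_loopback and "." in name
                  and not name.lower().endswith(LOCAL_SUFFIXES)):
                # A dotted, non-local name answered with a private address.
                findings.append((no, "suspicious", f"{name} -> {ip} (public-looking name, private address)"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```
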
8-bits (posted April 8, 2016):
Noted, will try it tomorrow and get back to you. Thank you very much for your effort :D

AceKills (posted May 2, 2016):
Uhm, I know this is a kinda old thread, but I have a newbie question for DNSSpoof... it asks me what interface I want to spoof. Which one should I select?

i8igmac (posted May 2, 2016):
If wlan1 is connected to the access point, then this will be your interface used in the attack.

AceKills (posted May 2, 2016):
So when I'm out in the field and I have, for example, my mobile for a hotspot and I connect the Pineapple to that hotspot with Client mode, then wlan0 is my interface?

i8igmac (posted May 2, 2016):
If you log into the Pineapple and run iwconfig, you will see what device is connected to the hotspot.

AceKills (posted May 3, 2016):
Thanks. :D

Sergeant Ducky (posted May 12, 2016):
> Have you entered a list of domains to be redirected? In the correct format (DNSMasq format)?

Hi, I entered the list of domains as "17.16.42.1 www.facebook.com facebook.com". It worked before, but not on browsers like Chrome, Firefox etc. It only worked on the stock web browser of my Android phone. Also, now I checked it again and it is not working at all. It is not spoofing facebook, however it did spoof example.com. Please tell me what the issue could be, Whistle Master.

Forkish (posted May 12, 2016):
> Hi, I entered the list of domains as "17.16.42.1 www.facebook.com facebook.com". It worked before, but not on browsers like Chrome, Firefox etc. It only worked on the stock web browser of my Android phone. Also, now I checked it again and it is not working at all. It is not spoofing facebook, however it did spoof example.com. Please tell me what the issue could be, Whistle Master.

The secret is to make sure your clients only use crummy browsers and they hate the letter 'S' in https. Or the ones with broken 'S' buttons.

rpcodes (posted May 13, 2016):
Spoonish, does this mean Chrome on Android, for example, is not a crummy browser? Let's see, crummy, do you mean IE for Windows maybe? Where can I find information about the proper operating conditions for either DNS Spoof or DNS Masq? What clients will / won't be fooled, etc.

Forkish (posted May 13, 2016):
I have no idea honestly, I was just being cheeky. Check this thread out. It gives the clients something that use wispr. Deconstruct it and there's sure to be gold.
https://forums.hak5.org/index.php?/topic/37656-using-a-nano-to-fake-internet-access/?hl=dnsmasq#entry273491

Super Shaft (posted September 30, 2016):
I have started configuring and using DNSMasq Spoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/

    $filename = '/www/dnsspoof/index.php';
    file_put_contents($filename, $this->request->configurationData);
    }

    private function getLandingPageData()
    {
        $configurationData = file_get_contents('/www/dnsspoof/index.php');
        $this->response = array("configurationData" => $configurationData);
    }

Despite this change, it's still pointing to www/index.php. What am I doing wrong? Thank you for your help.

Super Shaft (posted October 4, 2016):
Nobody to resolve this issue? Not even the author of this module? I have completely analyzed the code but unfortunately, I have not found the solution. If someone has gotten it or has any idea, thanks in advance... ;-)

sud0nick (posted October 4, 2016):
You could try posting in the actual support thread for the module.

Super Shaft (posted October 5, 2016):
> 9 hours ago, sud0nick said:
> You could try posting in the actual support thread for the module.

Thank you Sud0nick

Super Shaft (posted October 5, 2016):
I have started configuring and using DNSMasq Spoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/

    $filename = '/www/dnsspoof/index.php';
    file_put_contents($filename, $this->request->configurationData);
    }

    private function getLandingPageData()
    {
        $configurationData = file_get_contents('/www/dnsspoof/index.php');
        $this->response = array("configurationData" => $configurationData);
    }

Despite this change, it's still pointing to www/index.php. What am I doing wrong? Thank you for your help.

Torrey (posted October 5, 2016):
> 3 hours ago, Super Shaft said:
> I have started configuring and using DNSMasq Spoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/
>
>     $filename = '/www/dnsspoof/index.php';
>     file_put_contents($filename, $this->request->configurationData);
>     }
>
>     private function getLandingPageData()
>     {
>         $configurationData = file_get_contents('/www/dnsspoof/index.php');
>         $this->response = array("configurationData" => $configurationData);
>     }
>
> Despite this change, it's still pointing to www/index.php. What am I doing wrong? Thank you for your help.

I'd suggest leaving everything as-is with the module, especially if you're not familiar with programming or the module's source, and use a solution like the one I've put up on pastebin. The code here would go in your index.php file.

Super Shaft (posted October 5, 2016):
Thank you Torrey for your help, I have found a way to resolve this issue. FYI, I use the Work Bench of the "evil portal" module to get the right page in the DNSMasq Spoof module, and it works. About your solution, it seems great. I'll test it soon. Thx.

Super Shaft (posted October 14, 2016):
Has anybody a solution to resolve the issue of DNSMasq Spoof with SSL websites? Thank you.

Mother (posted October 18, 2016):
Anyone have a write up on how to get DNSMasq to work properly?