Jump to content

[Official] DNSMasq Spoof


Recommended Posts

  • 4 weeks later...

Hello Whistle Master,

First of all I realy appreciate what you are doing in here.

I just want to report that it is also not working for me!

It is not even showing outputs, the domain that I entered to be redirected is as follow:

172.16.42.1 *

I use "*" to redirect everything for now. I ran PS via SSH and it show me the process running. Also with DNSMasq you can tell it on wish interface to run. I am here if you need any more details.

Link to comment
Share on other sites

You cannot use wildcards (*) or regex within that file (e.g. you cannot say 172.16.42.1 *).

You need to know the shorthand hostname or the FQDN of what you want to return a falsified DNS A record for.

Example: 172.16.42.1 example.com www.example.com

Link to comment
Share on other sites

  • 4 weeks later...
  • 2 weeks later...

Have you entered a list of domains to be redirected ?

In the correct format (DNSMasq format) ?

Hi,

i entered the list of domains as "17.16.42.1 www.facebook.com facebook.com".

It worked before, but not on browsers like chrome,firefox etc. It only worked on the stock web browser of my android phone.

Also now i checked it again and it is not working at all. It is not spoofing facebook, however it did spoofed example.com.

Please tell me what the issue could be Whistle Master.

Link to comment
Share on other sites

Hi,

i entered the list of domains as "17.16.42.1 www.facebook.com facebook.com".

It worked before, but not on browsers like chrome,firefox etc. It only worked on the stock web browser of my android phone.

Also now i checked it again and it is not working at all. It is not spoofing facebook, however it did spoofed example.com.

Please tell me what the issue could be Whistle Master.

The secret is to make sure your clients only use crummy browsers and they hate the letter 'S' in https. Or the onces with broken 'S' buttons.

Link to comment
Share on other sites

Spoonish, does this mean Chrome on Android for example, is not a crummy browser? Lets see, crummy, do you mean IE for Windows maybe?

Where can I find information about the proper operating conditions for either DNS Spoof or DNS Masq ? What clients will / wont be fooled, etc

Link to comment
Share on other sites

I have no idea honestly, I was just being cheeky. Check this thread out. It gives the clients something that use wispr. Deconstruct it and there's sure to be gold. https://forums.hak5.org/index.php?/topic/37656-using-a-nano-to-fake-internet-access/?hl=dnsmasq#entry273491

Link to comment
Share on other sites

  • 4 months later...

I have started configuring and using DnsMarkSpoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/

            $filename = '/www/dnsspoof/index.php';
            file_put_contents($filename, $this->request->configurationData);
    }

    private function getLandingPageData()
    {
            $configurationData = file_get_contents('/www/dnsspoof/index.php');
            $this->response = array("configurationData" => $configurationData);
    }

despite this change, it's still pointing to www/index.php. What am I doing wrong?
Thank you for your help.

Link to comment
Share on other sites

I have started configuring and using DnsMarkSpoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/

            $filename = '/www/dnsspoof/index.php';
            file_put_contents($filename, $this->request->configurationData);
    }

    private function getLandingPageData()
    {
            $configurationData = file_get_contents('/www/dnsspoof/index.php');
            $this->response = array("configurationData" => $configurationData);
    }

despite this change, it's still pointing to www/index.php. What am I doing wrong?
Thank you for your help.

Link to comment
Share on other sites

3 hours ago, Super Shaft said:

I have started configuring and using DnsMarkSpoof on both Tetra and Nano and it does the job. Nevertheless, the page shown instead of the real website is not the one I want. It's always the index.php file included in the www folder. To change this, I have edited the file module.php included in /pineapple/modules/DNSMasqSpoof/api/ to point to a folder called dnsspoof at /www/dnsspoof/

            $filename = '/www/dnsspoof/index.php';
            file_put_contents($filename, $this->request->configurationData);
    }

    private function getLandingPageData()
    {
            $configurationData = file_get_contents('/www/dnsspoof/index.php');
            $this->response = array("configurationData" => $configurationData);
    }

despite this change, it's still pointing to www/index.php. What am I doing wrong?
Thank you for your help.

I'd suggest leaving everything as-is with the module, especially if you're not familiar with programming or the module's source and use a solution like the one I've put up on pastebin. The code here would go in your index.php file.

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...