Posted

Hello,

I just found out that Android phones send requests to some Google domains, i.e.

http://clients1.google.com/
http://clients3.google.com/
http://connectivitycheck.gstatic.com
http://connectivitycheck.android.com
 

to check if they are connected to Internet or not.
I need to redirect these domain requests made by Android to my captive portal in Linux after they are connected to my WiFi hosted by my PC. It doesn't matter whether they access the internet after redirecting to my CP. I just need to configure my AP to redirect these requests to my CP in Linux.

How can I do it?

I am using Kali Linux 2.0

 

Thank you

 

Posted

Yeah, what you are looking for is either a host file entry or a DNS server that redirects you to specific IPs based on the domain queried.

Android does support host file entries (there are many root apps that allow you to make entries in your hosts file), so that's not too hard. However, if you don't want to play around with your Android's OS (or it's not rooted), then just use the DNS spoof method Spoonish commented.

Posted

Hello guys,

 

I have used ettercap for DNS spoof. It worked, but not 100% as I wished. I mean I have edited my etter dns.conf file and it worked when I tried to browse those webpages that I have listed for redirection.

But the thing is, I have made a captive portal and it only opens when I open a browser and enter some websites. Till now I can make any website redirect to my captive portal in my LAN. But I need to prompt the "sign in needed" notification in Android after connecting to my hotspot.

What should be done to make sure that the sign-in prompt appears after connecting to my hotspot?

 

Thank you

Posted

The sign-in prompt has to do with the WiFi settings, not really the DNS settings. So if you have set a login portal on your AP (or something along those lines), the AP can tell a device (once it has connected) to log in, otherwise you don't get internet/WiFi capabilities.

Posted

I used Fruity wifi to redirect my visitors, and can't remember, but I think it's DNSspoof that it uses along with responder to catch and redirect them. When you log on and open a browser on any device, it redirects to my portal page, which is just a bit of PHP and HTML that saves anything they type and enter on the form to a CSV file. It is most definitely a DNS spoof attack. However, it will not work on anything that has HSTS. Although I do have SSL enabled on my attacking machine, if the site uses HSTS, it won't work to send them the portal. It will capture the creds over HTTPS though, so long as they don't have HSTS or hard-coded sites in the browser (many browsers do this now for top sites like Google and Facebook), since the page runs locally on the server and is where I redirect them to, but HSTS will prevent loading if they try to go to, say, google.com or facebook.com. For that, you apparently need SSLstrip for V1 and V2, and I couldn't seem to get it working on my test machine, but that doesn't mean it can't be done. SSLstrip v2 or SSLstrip+ claims to be able to bypass HSTS though.

See here: https://github.com/LeonardoNve/sslstrip2
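
Added example, not part of the thread or any poster's code: the post above notes that HSTS stops the browser from loading a redirected page, so a site operator can audit how much of that protection their own `Strict-Transport-Security` header actually provides. The function names, the one-year threshold and the sample header values are assumptions constructed for illustration.

```python
"""Audit a Strict-Transport-Security header value against RFC 6797 rules."""

MIN_MAX_AGE = 31536000  # one year; assumed threshold for a "strong" policy

def parse_hsts(value):
    """Return {directive: argument-or-None}, or None if browsers would ignore it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in directives:           # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"') or None
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                      # max-age is mandatory and must be numeric
    return directives

def audit_hsts(value, over_https=True):
    """Return a list of findings; an empty list means no weakness was found."""
    if not over_https:
        return ["header received over plain HTTP is ignored by browsers"]
    if value is None:
        return ["no HSTS header: plain-HTTP requests to this host can be redirected"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed header: browsers ignore it"]
    findings = []
    age = int(policy["max-age"])
    if age == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif age < MIN_MAX_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains missing: other hostnames under the domain are not covered")
    if "preload" not in policy:
        findings.append("preload missing: host is not eligible for browsers' built-in list")
    return findings

if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for sample in ("max-age=63072000; includeSubDomains; preload",
                   "max-age=300", "max-age=31536000; max-age=0", None):
        print(repr(sample), "->", audit_hsts(sample) or "no findings")
```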
