flok Posted September 18, 2017 Posted September 18, 2017 Hello, I just found out android phone sends requests to some Google domain i.e. http://clients1.google.com/http://clients3.google.com/ http://connectivitycheck.gstatic.comhttp://connectivitycheck.android.com to check if they are connected to Internet or not. I need to redirect these domains requests made by android to my captive portal in Linux after they are connected to my wifi hosted by my PC. It doesn't matter whether they access internet after redirecting to my CP. I just need to configure my AP to redirect these requests to my CP in linux. How can I do it? I am using Kali Linux 2.0 Thank you Quote
Dave-ee Jones Posted September 18, 2017 Posted September 18, 2017 Yeah, what you are looking for is either a host file entry or a DNS server that redirects you to specific IPs based on the domain queried. Android does support host file entries (there are many root apps that allow you to make entries in your hosts file), so that's not too hard. However if you don't want to play around with your Android's OS (or it's not rooted) then just use the DNS spoof method Spoonish commented. Quote
flok Posted September 28, 2017 Author Posted September 28, 2017 Hello guys, I have used ettercap for dns snoof. It worked but not 100% as I wished. I mean I have edited my etter dns.conf file and it worked when I tried to browse those webpages that I have listed for redirection. But the thing is I have made a captive portal it only opens when I open browser and enter some websites. Till now I can make any website redirect to my captive portal in my LAN. But I need to prompt "sign in needed" notification in android after connecting in my hotspot. What should be done to make sure that sign in prompts after connecting my hotspot? Thank you Quote
Dave-ee Jones Posted September 28, 2017 Posted September 28, 2017 The sign-in prompt has to do with the WiFi settings, not really the DNS settings. So if you have set a login portal on your AP (or something along those lines) the AP can tell a device (once it has connected) to login otherwise you don't get internet/WiFi capabilities. Quote
digip Posted September 29, 2017 Posted September 29, 2017 I used Fruity wifi to redirect my visitors, and can't remember, but I think it's DNSspoof that it uses along with responder to catch and redirect them. When you logon and open a browser on any device, it redirects to my portal page, which is just a bit of PHP and HTML that saves anything they type and enter on the form, to a CSV file. It is most definitely a DNS spoof attack. However, it will not work on anything that has HSTS, although I do have SSL enabled on my attacking machine, if the site uses HSTS, it won't work to send them the portal. It will capture the creds over https though so long as they don't have HSTS or hard coded sites in the browser(many browsers do this now for top sites like google and facebook), since the page runs locally on the server and is where I redirect them to, but HSTS will prevent loading if they try to go to say, google.com or facebook.com. For that, you apparently need SSL Strvip for V1 and V2, and I couldn't seem to get it working on my test machine, but that doens't mean it can't be done. SSLstrip v2 or SSlstrip+ claims to be able to bypass HSTS though. See here :https://github.com/LeonardoNve/sslstrip2 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.