funnybunny Posted December 22, 2017

wanted to determine if anyone else is having an issue with switch2 DNSSpoof of the packet squirrel (PS)

firmware v1.2 reloaded twice
default switch2\payload.sh
modified switch2\spoofhost with address=/www.cnn.com/www.foxnews.com

I have got both switch1 TCPDump and switch3 OpenVPN to work flawlessly

switch2: the client computer connected to the PS does not receive an IP, therefore is not able to surf the internet for spoofing to even be a problem

when connected to the same client computer, switch1 receives an IP and records network traffic, and the client computer is able to browse the internet

when connected to the same client computer, switch3 receives an IP, starts OpenVPN connection to seedbox, seedbox tun0 active and SSH back through the tunnel is successful to the PS

I understand the DNSSpoof switch2 being more just a trickery option and more than likely something not used in the wild except for screwing with friends

point being I'm wondering if something is wrong with my PS

Dave-ee Jones Posted December 22, 2017

Why would something be wrong with it if everything else is working fine?

AFAIK you cannot redirect a domain to another domain, it has to be a domain to an IP. Try doing something like this and then pinging the FQDN from the client:

    address=/packetsquirrel/172.16.32.1
    address=/packetsquirrel.com/172.16.32.1
    # Then ping..
    ping packetsquirrel
    ping packetsquirrel.com

You could do further testing with a webserver running on the Packet Squirrel as well. Or do an nslookup or similar.

funnybunny Posted December 24, 2017

Ah maybe I'm not clear on the use of dnsspoof. Appears that is only going to redirect traffic to the PS. In your example when someone wants to go to <ps>.com it will send it to the PS IP 172.16.32.1, assuming there will be a fake site there?

My issue involves more the fact that I'm not getting an IP from DHCP, therefore the client is not able to surf the internet. Works on the tcpdump and openvpn switches and gets an IP, so not quite sure why it's not working. Tried on Windows and Linux.

Dave-ee Jones Posted December 25, 2017

You (as a person using a client computer, 'victim') or the PS is not getting an IP from DHCP?

If you want the PS to have an IP from DHCP you need to set it to BRIDGE mode, which will give the PS and the client computer ('victim') an IP from the host network plugged into the PS.

NAT mode means the PS hosts a network, giving the client computer an IP in the range 172.16.32.100+, and has the IP 172.16.32.1.

funnybunny Posted January 2, 2018

OK so modified the spoofhost (2.19.81.119 whitehouse.gov)

    address=/cnn.com/2.19.81.119
    address=/www.cnn.com/2.19.81.119
    address=/foxnews.com/2.19.81.119
    address=/www.foxnews.com/2.19.81.119

the DHCP works now and the PS receives an IP

ping www.cnn.com reports 2.19.81.119
ping www.foxnews.com reports 2.19.81.119
nslookup www.cnn.com reports 2.19.81.119
nslookup www.foxnews.com reports 2.19.81.119

use firefox to browse cnn.com or www.cnn.com it results in an "invalid URL" page
use firefox to browse foxnews.com or www.foxnews.com it actually goes to the correct web page

my understanding is that going to cnn.com on a machine behind the PS should go to the web page 2.19.81.119 whitehouse.gov but it does not
same with foxnews.com

Dave-ee Jones Posted January 2, 2018

My understanding is that since there are a limited number of IPs, web hosting providers have to host multiple websites on a single IP. It could be that the IP you're accessing doesn't know which website to route you to. I could definitely be wrong, though. I don't fully understand how it works.

They may even use different ports for each website and redirect you to a port depending on what website you asked for, which would mean that when you redirect those domains to that IP it's trying to resolve to the same ports as the actual website and they don't exist on that IP. I don't know. :)

I'm just speculating. Maybe one of my many theories is right, maybe not. I'm sure a quick Google will resolve what you're after. Here's one answer:

https://serverfault.com/questions/106882/how-do-you-have-one-ip-address-and-many-websites

Just Google "host multiple websites on one IP", should be enough answers to get a better understanding.

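An added illustration, not part of any post in this thread: a local Python server that, like a shared host or CDN edge, picks the site from the HTTP Host header, showing why a name pointed by DNS at another site's IP can come back as an error page instead of that site. The host names, the 400 status and the error text are constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed stand-in: the only site this one server (one IP) is configured to host.
SITES = {"whitehouse.example": b"whitehouse.example home page"}

class VHostHandler(BaseHTTPRequestHandler):
    """Chooses the site from the Host header, not from the IP that was dialled."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(host)
        status = 200 if body is not None else 400
        if body is None:
            body = b"Invalid URL: no site named " + host.encode() + b" on this server"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(ip, port, host_header):
    """Dial ip:port (decided by DNS) while asking for host_header (typed in the browser)."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    finally:
        conn.close()

def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    ip, port = server.server_address
    try:
        return {
            # Name and IP belong together: the server finds the site.
            "direct": fetch(ip, port, "whitehouse.example"),
            # Same IP, but the browser still sends the name it was given.
            "spoofed": fetch(ip, port, "news.example"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Over HTTPS the same mismatch usually surfaces earlier, as a certificate name error, because the server's certificate does not cover the name the browser asked for.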
This topic is now archived and is closed to further replies.