dSploit Website Redirect Feature

Started by electroblu3, April 16, 2013, 12:16:00 PM

Previous topic - Next topic

electroblu3

Hi,

Does anyone know how the website redirect feature works on dSploit. I am trying to replicate this using BackBox and redirect all traffic from my network to a single website. I know how to dns spoof with ettercap but that only redirects whatever is defined in the etter.dns file, I want to redirect all traffic to a single website. I think it may be something to do with iptables but I'm not entirely sure.

Any help is appreciated. Thanks.

evilsocket

Well, let's start :)

First of all, i assume you already know how arp spoofing works on dSploit and in general, so i'm not gonna explain this ... let's just state that all network traffic is routed by your phone.

To obtain a correct HTTP redirection, dSploit does the following:


  • Redirect all incoming traffic with iptables from port 80 to port 8080 where its java transparent proxy is listening.
  • The proxy will just connect to the target website sending the original http request.

So on your target server you will receive requests such as:

GET / HTTP/1.1
Host: www.youtube.com
...
...


( for instance )

And you have to configure it to serve them accordingly.

The short answer to your question is, do some iptables magic and use a transparent proxy on your local machine :)

electroblu3

Many thanks for your response and I just want to say amazing work with dSploit, sheer genius ;D.Yes I am familiar with arp spoofing. So based on what you have said, I would first need to:

Arpspoof:

arpspoof -i wlan0 -t "targetip" "gatewayip"

Forward all traffic to me:

echo '1' > /proc/sys/net/ipv4/ip_forward

Forward to port 8080

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Now this is the part I get stuck at  ???. I am assuming I need to use the following:

iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination "destination_website_ip"

Thanks in advance.

evilsocket

Oh i see you are trying to use iptables to proxy the request ... well in this case, i don't know, i use a java transparent proxy i wrote ....

electroblu3

Oh well it was worth a try, thanks anyway.

I'm going to have to put a hold on it anyway as my BackBox has stopped booting ever since the new update  >:(