Author Topic: dSploit Website Redirect Feature  (Read 9749 times)

electroblu3

  • Newbie
  • *
  • Posts: 21
    • View Profile
on: April 16, 2013, 11:16:00 AM
Hi,

Does anyone know how the website redirect feature works on dSploit. I am trying to replicate this using BackBox and redirect all traffic from my network to a single website. I know how to dns spoof with ettercap but that only redirects whatever is defined in the etter.dns file, I want to redirect all traffic to a single website. I think it may be something to do with iptables but I'm not entirely sure.

Any help is appreciated. Thanks.



evilsocket

  • Full Member
  • ***
  • Posts: 177
    • View Profile
    • http://www.emoticode.net
Reply #1 on: April 16, 2013, 07:44:59 PM
Well, let's start :)

First of all, i assume you already know how arp spoofing works on dSploit and in general, so i'm not gonna explain this ... let's just state that all network traffic is routed by your phone.

To obtain a correct HTTP redirection, dSploit does the following:

  • Redirect all incoming traffic with iptables from port 80 to port 8080 where its java transparent proxy is listening.
  • The proxy will just connect to the target website sending the original http request.

So on your target server you will receive requests such as:

Code: [Select]
GET / HTTP/1.1
Host: www.youtube.com
...
...

( for instance )

And you have to configure it to serve them accordingly.

The short answer to your question is, do some iptables magic and use a transparent proxy on your local machine :)



electroblu3

  • Newbie
  • *
  • Posts: 21
    • View Profile
Reply #2 on: April 17, 2013, 11:15:21 AM
Many thanks for your response and I just want to say amazing work with dSploit, sheer genius ;D.Yes I am familiar with arp spoofing. So based on what you have said, I would first need to:

Arpspoof:

Code: [Select]
arpspoof -i wlan0 -t "targetip" "gatewayip"
Forward all traffic to me:

Code: [Select]
echo '1' > /proc/sys/net/ipv4/ip_forward
Forward to port 8080

Code: [Select]
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Now this is the part I get stuck at  ???. I am assuming I need to use the following:

Code: [Select]
iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination "destination_website_ip"
Thanks in advance.



evilsocket

  • Full Member
  • ***
  • Posts: 177
    • View Profile
    • http://www.emoticode.net
Reply #3 on: April 17, 2013, 11:17:49 AM
Oh i see you are trying to use iptables to proxy the request ... well in this case, i don't know, i use a java transparent proxy i wrote ....



electroblu3

  • Newbie
  • *
  • Posts: 21
    • View Profile
Reply #4 on: April 17, 2013, 11:27:09 AM
Oh well it was worth a try, thanks anyway.

I'm going to have to put a hold on it anyway as my BackBox has stopped booting ever since the new update  >:(