dSploit Website Redirect Feature

Started by electroblu3, April 16, 2013, 12:16:00 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

electroblu3

April 16, 2013, 12:16:00 PM
Hi,

Does anyone know how the website redirect feature works on dSploit. I am trying to replicate this using BackBox and redirect all traffic from my network to a single website. I know how to dns spoof with ettercap but that only redirects whatever is defined in the etter.dns file, I want to redirect all traffic to a single website. I think it may be something to do with iptables but I'm not entirely sure.

Any help is appreciated. Thanks.

evilsocket

#1
April 16, 2013, 08:44:59 PM
Well, let's start :)

First of all, i assume you already know how arp spoofing works on dSploit and in general, so i'm not gonna explain this ... let's just state that all network traffic is routed by your phone.

To obtain a correct HTTP redirection, dSploit does the following:


  • Redirect all incoming traffic with iptables from port 80 to port 8080 where its java transparent proxy is listening.
  • The proxy will just connect to the target website sending the original http request.

So on your target server you will receive requests such as:

Code Select
GET / HTTP/1.1
Host: www.youtube.com
...
...

( for instance )

And you have to configure it to serve them accordingly.

The short answer to your question is, do some iptables magic and use a transparent proxy on your local machine :)

electroblu3

#2
April 17, 2013, 12:15:21 PM
Many thanks for your response and I just want to say amazing work with dSploit, sheer genius ;D.Yes I am familiar with arp spoofing. So based on what you have said, I would first need to:

Arpspoof:

Code Select
arpspoof -i wlan0 -t "targetip" "gatewayip"

Forward all traffic to me:

Code Select
echo '1' > /proc/sys/net/ipv4/ip_forward

Forward to port 8080

Code Select
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Now this is the part I get stuck at  ???. I am assuming I need to use the following:

Code Select
iptables -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination "destination_website_ip"

Thanks in advance.

evilsocket

#3
April 17, 2013, 12:17:49 PM
Oh i see you are trying to use iptables to proxy the request ... well in this case, i don't know, i use a java transparent proxy i wrote ....

electroblu3

#4
April 17, 2013, 12:27:09 PM
Oh well it was worth a try, thanks anyway.

I'm going to have to put a hold on it anyway as my BackBox has stopped booting ever since the new update  >:(

Print
Go Up Pages1
User actions