Forum Thread: DNS Spoofing Doesn't Work

i start trying DNS Spoofing, first time was working when i try it on my smartphone and it was great but when i try it on my windows I'v open the browser he stay loading and show message that insecure certificat.

what i should do!!!!

2 Responses

You have probably tried to dns spoof a website that uses SSL

when you visit the legitimate website, the server of that website sends you a ssl certificate containing a public key
This certificate needs to be signed by a trusted CA(certificate authority)
So if you spoof a ssl protected website, you'll need to send that certificate to the client.

That won't cause an error in the browser of the victim, but you won't be able to see anything because after receiving the certificate, the client will encrypt the data with the public key

and that data can only be decrypted with the private key.(The Public and Private key pair are two uniquely related cryptographic keys

they are mathematically related, so whatever is encrypted with the public key can only be decrypted by the private one.)

But the private key is only available to the client, so you cannot decrypt the connection.
Now you might think:
what if I send a self signed certificate?

That won't work either because the certificate needs to be signed by a trusted CA, and since you're not one, the same error will be displayed.

And you won't be able to get a signed certificate by a trusted CA unless you prove that the website is in fact yours.

To be able to successfully spoof the DNS address of a website on your network you'll need to use something like sslstrip, and that doesn't always work.

If you have any further questions on the subject, I'll be glad to help,
hope my answer helped,
happy hacking, -ali

Excellent answer from Ali. I'd go as far to say DNS spoofing is dead. SSLStrip and SSLStrip2 rarely if ever work and any half recent iteration/version of Chrome/Firefox/pretty much any browser won't even let your victim proceed to any SSL protected website if it detects MITM, proxying, HTTP data interference of any kind. So even the most n00b/reckless of users can't just ignore security warnings and proceed anyway. Best bet is to deauth, rougue/clone the AP and phish what you need with a persistent router firmware update demand from http://theirtelco/ before they work out what's going on.

EDIT ... in theory, of course.

Share Your Thoughts

  • Hot
  • Active