Hello people. I would like to ask, how can I redirect all traffic going on network to another webserver, for example, local Apache server. I did ARP Cache Poisoning, all traffic on network seems to be going through me, but I need to redirect it somewhere else.
Thanks!
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Dox Anyone
How To:
Automate Wi-Fi Hacking with Wifite2
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Crack Shadow Hashes After Getting Root on a Linux System
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Hack Apache Tomcat via Malicious WAR File Upload
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Hack Wi-Fi Networks with Bettercap
How To:
Binary Patching. The Brute Force of Reverse Engineering with IDA and Hopper (And a Hex Editor).
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Create a Persistent Back Door in Android Using Kali Linux:
Hacking macOS:
How to Hack a Mac Password Without Changing It
36 Responses
Are you basically executing an arpspoof-like attack?
TRT
Yes (arpspoof -t <target IP> <Gateway>) and in another terminal (arpspoof -t <gateway> <target IP>)
What do you mean by "I need to redirect it somewhere else"? Are you looking to setup a phishing attack? Or you just want to sniff traffic with tools like tcpdump and Wireshark?
Be specific about what you want to do, and this requires a reply with more than one line of explanation. It is really hard to help you otherwise.
TRT
Yes, I know, sorry. No, it won't be for phishing. Does it matter where it will be redirected? I can say it will be redirected to another website IP.
For that you could use dnsspoof (or something alike). But first you will need to create a file that will specify the redirections, kind of like the /etc/hosts file. Let's go through the steps:
> touch redirect
> nano redirect
Now insert a website that you want to be redirected, followed by a tab, followed by the IP address of where you want to redirect the victim.
For example, let's say I wanted to redirect the victim to WHT every time they try to access Adobe's website. I would insert the line:
adobe.com****8.26.65.101
(Four stars indicate a tab, I just can't write tabs in the comments here.)
If you want to add more entries, do so on a new line for each entry. You can also specify subdomains, all subdomains with a * (wildcard), and just IP to IP redirects. Basically the format is:
<source><tab_key><destination>
Moving on, save the file by pressing Ctrl+x then y and finally Enter. Now to get the process going, type:
> dnsspoof -i <interface> -f <file>
In our example case, the file was called redirect and let's pretend the interface is wlan0:
> dnsspoof -i wlan0 -f redirect
That's pretty much it really. To see if it actually worked, use tcpdump and check if the traffic was redirected to the websites you specified in the redirect file.
TRT
Dnsspoof showed error. I will quote that error in a few minutes here.
Udp dst port 53 and not source <target server IP>
Drop a few screenshots (if you can) of the entire process.
(PS: use the in-built gallery feature so as not to clutter the comments)
TRT
I am on phone and my browser is formatting this website incorrectly. When pushing picture button, I can only see field for URL to take image from and I cannot see upload option...
Hold on a sec, this isn't an error. Is this what you are seeing?
dnsspoof: listening on __ [udp dst port 53 and not src __ ]
Have you tested the victim's side? It should work just fine. I'm highly positive you haven't tried to verify everything from the victim's machine.
TRT
Yes, that's it. Surprisingly, I did. I tried visiting website I want to redirect and it did not work. My hosts file is hosts without any extension and it look like this :
www.facebook.com <four spaces> destination IP
The 'error' to which you referred is not an error at all, in fact. Also, I can now tell you exactly why it failed. Facebook automatically creates an https link, even if you specify http in your browser. To support https you will need to use sslstrip (or sslstrip+ apparently).
How about you try to use the line from the above directions:
adobe.com****8.26.65.101
(Again, four stars for a tab.)
Then enter adobe.com (without 'www') from the victim's side and see if that redirects to this domain's beautiful front page.
TRT
The problem is I tried non-SSL websites in hosts file too, and it did the same.
If you are still on about the [udp dst port 53...] message you are seeing, then I don't know how to reiterate to you that it is not, in fact, an error. It is a message that is always shown by dnsspoof and in all of the test that I have conducted it has never indicated any sign of failure.
As for not being able to redirect, I don't know your exact issue. I have noticed, in the past, some people entering "www." before the domain name in the redirect file, and then when carrying out the actual test from the victim machine they forget to use it.
Not all websites have www as their main subdomain, and many do not redirect users who enter www to the front page. Therefore, if you want to cover all cases for a certain domain, you should add 2 entries:
adobe.com****8.26.65.101
*.adobe.com****8.26.65.101
This will ensure that whenever Adobe's domain is used, any and all subdomains, including the primary one, will redirect to WHT.
Carry out a few more trials, look over everything I've told you, make sure your adapter is not is monitor mode, reboot and start over. Then inform me of any accomplishments, if existent.
TRT
Can you give me your mail or Facebook or anything? I can send it there.
Have you already echo 1 > /proc/sys/net/ipv4/ip_forward ?
Of course...
TRT, no accomplishment..
It's not working, I followed every your step :
//Hosts file looks like this :
adobe.com TAB <destination website IP>
.adobe.com TAB <destination website IP>
It won't probably show that star before adobe.com because it will bold this text.
Alright, I might have figured out the issue, but I'm not entirely sure. Try changing the redirect file's contents to this:
adobe.com**A**8.26.65.101
*.adobe.com**A**8.26.65.101
(Two stars means 2 spaces, rather than a tab.)
Let me know if this works for you.
TRT
Not working, it did the same. Loaded their home page. For example, SSLstrip is working great, along with URLsnarf and things like that. So ARPspoof is configured correctly.
I will look into this when I get to the lab. This hasn't failed me, so I am curious to find out what I've missed out when explaining it to you.
TRT
TRT ... SUCCESS
Using ETTERCAP, I've redirected microsoft.com to my local IP. There are some problems, but I will try to fix them. Two more questions to get this done:
hosts:
www.microsoft.com A 192.168.100.10
microsoft.com A 192.168.100.10
By the way, screenshot those Ettercap errors and drop them down below. Let's get them out of the way and concentrate on the bigger picture, which involves getting your DNS intermediary to redirect traffic successfully using dns spoof.
TRT
OK. Yes, Ettercap is working now. I am going to make those screenshots now.
Thanks a lot.
I fixed those errors so we can now concentrate on DNSspoof. I tried using Ettercap etter.dns file for DNSspoof (dnsspoof -f etter.dns) and it didn't work. Same output than before: udp dst port 53...
Yes, I figured it wouldn't work, just wanted to make sure that was the case. Just use a file without an extension, with the entries I originally told you about, as the redirect file:
> touch redirect
> nano redirect
adobe.com****8.26.65.101
*.adobe.com****8.26.65.101
> arpspoof -i <interface> -t <target> <gateway>
> arpspoof -i <interface> -t <gateway> <target>
> dnsspoof -i <interface> -f redirect
dnsspoof: listening on <interface> [udp dst port 53 and not src _ ]
(Victim)
*visits adobe.com*
(Back to Attacker)
victim_IP.xxxx > gateway_IP.53: xxxx+ A? adobe.com
(Victim)
*presented with WHT's front page*
*looks confused*
And, for the millionth time, "udp dst port 53..." is not an error message. It is simply a declaration that port 53 (domain) will be used and that it was successful in its implementation (and so on).
TRT
Can I create that file using another editor (graphical) ?
You can use any editor you like. I just find nano very quick and easy. You can even just do:
> nano redirect
*type your entries*
Ctrl+O then Enter then Ctrl+X and you're over with this step.
Use whatever you feel comfortable with. Just know that getting accustomed to CLI interfaces will gradually make you more comfortable when in their presence.
TRT
It's not working, it's not redirecting...
Nope, not working....
Are you running anything in a Virtual Machine? Have you properly performed the ARP poisoning step? Is the victim actually on your network? Type ping -t 5 <target_IP> then ping -t 5 <gateway_IP> and reply back with a Pastebin link to both outputs. None of this makes any sense to me, as I have tested this numerous times.
TRT
Sorry, but do you think I am retarded that I can't follow exact steps? Of course I did, and IT IS on my LAN. I can't do this using Pastebin. Both of them are responding with 64 bytes of data. And no, I am running Kali in my notebook and not in VM.
Wait a second ...
ETTERCAP
I've modified ettercap's DNS Spoof file and I used their example for microsoft website. Ettercap output was something like spoofed microsoft.com to <IP Address>.
I am trying to change that website and IP to test it out if it's really working. In that file, it is www.microsoft.com A <IP>.
Do you think I am going to assist you if you continue to be so agitated? I am giving you answers based on the information available to me. Unless you are meticulous I will have to carry on hypothesising, and we both know that hasn't solved anything yet.
TRT
Ok, let it be. I will use Ettercap instead...
Simtoon101;
If you are not grateful for all the help that TRT offered you, you don't deserve his help.
Share Your Thoughts