I am doing a pen-test for my company in their new website access, its a website portal, basically you go the site, log in with your username and password, and you will have access to the whole network, ( not the whole network, only if you are the CTO or the network admin).
so I was able to catch the username and password using ettercap, but they use something call host checker, so my questionis , how can I redirect an specific website using ettercap?
I can do arp spoofing and works, but, since I am doing a pen-test, the customer has an option called Host Checker, its a little app that runs on the client machine, and make a ssl tunnel, the app checks for antivirus ( if is not up-to-date you wont be able to log in in their website) so, because of this app, I cannot sniff their password, so, here is my quesiton again, how can I redirect the url to my url? for example, if they go to h**p://access.company.com I want to catch the request and send it to h**p://myapacheserver.com, they will see the same page, actually, I am alrady have everything in place, but I dont know yet how to do the redirection website, any idea??? suggestions?? I am using ettercap, but i am open to use anything to achieve this.