Backtrack 4 R2 (attacker)
dnsspoof ( from the dsniff suite)
WinXP SP2 with Firefox 3.6.12 (victim)
Let’s say we want to sniff a person’s facebook credentials and he is part of our LAN.
victim’s IP : 192.168.1.2
attacker’s IP : 192.168.1.10
We’re testing the S.E.T’s option Website Attack Vectors--> Credential Harvester Attack Method --> Site Cloner.
But instead of serving the address to the victim directly (for ex. saying to him while chatting “check this new stuff at 192.168.1.10”) we wanna make this more quietly with DNS spoofing. So if he visits facebook.com he will be redirected to 192.168.1.10 where the cloned facebook is.
We open a terminal and type the following:
After updating the Metasploit Framework and the Social-Engineer Toolkit we take all the steps through S.E.T’s menu and we successfully clone the site:
We also create a plain text(we name it ‘facespoof’) with the line below in it to use it with dnsspoof.
192.168.1.10 *.facebook.com <----this line tells that if someone wants to go
to facebook.com send him to 192.168.1.10
So in a terminal we type:
and we get something like this:
dnsspoof -i eth0 -f /root/facespoof
So far so good…
dnsspoof: listening on eth0 [udp dst port 53 and not src 192.168.1.10]
But when the victim enters in his address bar “https://www.facebook.com/” we get an error message “unable to connect”.
However when he enters “http://www.facebook.com/” everything goes fine and our attack is successful.
Does anyone knows why is this happening?