Hi Chris,
First I must thank you for your interest in helping me.
Before I check further on webmitm, I think my dnsspoofing is not working
correctly.
The file /etc/dnsspoof.hosts is as below:
+++++++++++++++++++++++++
192.168.93.133 *.yahoo.com
192.168.93.133 *.hotmail.com
192.168.93.133 mail.yahoo.com
192.168.93.133 www.yahoo.com
+++++++++++++++++++++++++++
Where victim is 192.168.93.131
Where attacker is 192.168.93.133
Where gateway is 192.168.93.2
Something confuses me: from the trace captured (when DNS spoofing is not
working), when the victim requests www.yahoo.com or mail.yahoo.com, both
the spoofed gateway (attacker) and the actual gateway replied, and the
final result from the command prompt of "nslookup www.yahoo.com" returned
the actual IP of Yahoo and not the spoofed IP (attacker IP), which it is
supposed to be.
By right, the actual gateway should not receive the DNS query from the
victim since the attacker has intercepted it (ARP spoofed).
From the trace this seems not to be the case: the query went to the
spoofed gateway first, and it performed an ICMP redirect and told the
victim the actual gateway IP, which resulted in both the spoofed and the
actual gateway replying. And the final result picked the actual IP --
thus spoofing failed.
Any hints??
Thanks
----- Original Message -----
From: "Christine Kronberg" <Christine_Kronberg@genua.de>
To: "e247net" <e247net@hotmail.com>
Cc: <pen-test@securityfocus.com>
Sent: Monday, August 11, 2003 9:41 PM
Subject: Re: webmitm
>
> Hi,
>
>
> > i started with webmitm -dd and see only all the GET requests from "victim"
>
> If I understand the source code correctly than this is exactly what
put
> > www.hotmail.com and mail.yahoo.com in
> > the dnsspoof.hosts file but only mail.yahoo.com is being spoofed and not
> > www.hotmail.com.. any help plse
>
> You entered both correctly into your spoofed-hosts file, I presume?!
Received on Tue Aug 12 10:49:12 2003
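
Added example, not part of the original message or of the dsniff tools: the trace described above (two replies to one DNS query, carrying different addresses) is itself a detection signal. The sketch below flags it in already-decoded DNS responses. The record layout, the MAC addresses, the 203.0.113.x answers and the /24 client subnet are assumptions made for the example; the 192.168.93.x addresses are the ones from the post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of decoded DNS responses as seen on the client's segment.
# Fields: time (s), source MAC, client IP, transaction ID, query name, A records.
SAMPLE = [
    (0.010, "00:0c:29:aa:aa:aa", "192.168.93.131", 0x1A2B, "www.yahoo.com", ("192.168.93.133",)),
    (0.042, "00:50:56:bb:bb:bb", "192.168.93.131", 0x1A2B, "www.yahoo.com", ("203.0.113.10",)),
    (1.300, "00:50:56:bb:bb:bb", "192.168.93.131", 0x1A2C, "example.org", ("203.0.113.20",)),
    (1.301, "00:50:56:bb:bb:bb", "192.168.93.131", 0x1A2C, "example.org", ("203.0.113.20",)),  # plain duplicate
]

def find_conflicting_replies(responses, window=2.0, prefix=24):
    """Return one finding per DNS query that received differing answers.

    A resolver answers a transaction once. Two replies for the same
    (client, transaction ID, name) with different A records inside `window`
    seconds mean a second party answered the query.
    """
    groups = defaultdict(list)
    for ts, mac, client, txid, qname, answers in responses:
        key = (client, txid, qname.lower().rstrip("."))
        groups[key].append((ts, mac, frozenset(answers)))

    findings = []
    for (client, txid, qname), replies in sorted(groups.items()):
        replies.sort(key=lambda r: r[0])
        recent = [r for r in replies if r[0] - replies[0][0] <= window]
        if len({r[2] for r in recent}) < 2:
            continue  # single reply, or identical retransmissions
        # Assumption: the client sits in a /prefix network. An answer that
        # points back into the client's own LAN is a strong hint of spoofing.
        lan = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
        findings.append({
            "client": client,
            "txid": txid,
            "qname": qname,
            "answers": [sorted(r[2]) for r in recent],  # in arrival order
            "source_macs": sorted({r[1] for r in recent}),
            "answer_on_client_subnet": any(
                ipaddress.ip_address(a) in lan for r in recent for a in r[2]),
        })
    return findings

if __name__ == "__main__":
    for finding in find_conflicting_replies(SAMPLE):
        print(finding)
```

Identical retransmissions are ignored, so only queries with genuinely divergent answers are reported; two source MACs behind what should be one resolver point to ARP-level interception.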