mana icon indicating copy to clipboard operation
mana copied to clipboard
verified publisher icon sensepost

DNS2Proxy/SSLStrip2 Problem

Open Lionade opened this issue 9 years ago • 5 comments

Hi there! I am trying to use the start-nat-full Script. It is possible that the client connects to the rogue ap. SSLStrip2 is also changing the domain names (e.g. wwww.google.com) but the client doesn't know how to resolve the spoofed addresses. So I think the DNS-Queries are not redirected to DNS2proxy. Do I have to change something in the DNS2Proxy Config-Files to make it work?

Best regards

Lionade avatar Jun 18 '16 13:06 Lionade

Did you find the solution to this issue? I'm experiencing the same thing.

ghost avatar Oct 28 '16 08:10 ghost

Same issue here... any solution or is this the expected behaviour?

teoxi avatar Dec 20 '16 12:12 teoxi

I am having the same problem, y try to connect to "google.com" in my Android, in the NAV bar I can see wwww.google.com, and the "Connection Error" page instead of the real google.com

derekkddj avatar Mar 07 '17 13:03 derekkddj

I found that the problem is that dnsmasq starts in port 53, and dns2proxy too, so request to port 53 goes to dnsmasq instead of going to dns2proxy. But still can not do it work.

Regards.

derekkddj avatar Jul 04 '17 13:07 derekkddj

Well, I found the problem. When you start dns2proxy, it uses the port 53, the same as dsnmasq, so they can not be run at the same time. When using nat + dns2proxy + sslstrip, we need dns2proxy to respond DNS queries, so the only thing we need to do, is disable dnsmasq (DNS functionality) In the scripts, change the line: dnsmasq -z -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i $phy -I lo To: dnsmasq -z -C /etc/mana-toolkit/dnsmasq-dhcpd.conf -i $phy -I lo -p 0 The option "-p 0" disables the dns in dnsmasq, but dhcp still works.

Regards

derekkddj avatar Oct 24 '17 09:10 derekkddj