EvilZone

Hacking and Security => Beginner's Corner => Topic started by: gogia1 on September 16, 2015, 04:22:19 PM

Title: dns hijacking facebook
Post by: gogia1 on September 16, 2015, 04:22:19 PM
I'm trying DNS hijacking. I've configured a DNS server and added a zone file. When I typed facebook.com in the browser address bar, I got (http://s7.postimg.org/t2d2r756j/Untitled.png) (http://postimg.org/image/7fy2a66lz/full/)
Is there any way to bypass?
Title: Re: dns hijacking facebook
Post by: iTpHo3NiX on September 16, 2015, 07:07:00 PM
The reason for this is because your certificate is not validated. It's always going to appear.
Title: Re: dns hijacking facebook
Post by: flowjob on September 16, 2015, 08:19:50 PM
The reason for this is because your certificate is not validated. It's always going to appear.

OP could always install his own root certificate on the target computer, but that would require admin access.
Whether that's a feasible way depends on what he wants to achieve. If he wants any live information or plans to spoof multiple websites to steal info, this would be a way to do it. If, on the other hand, OP just wants Facebook credentials, it would be easier to get them from the browser's saved passwords.
Title: Re: dns hijacking facebook
Post by: xor on September 17, 2015, 05:17:36 AM
Certain websites are in all browsers' HSTS list.

This means that even if you browse to them using HTTP, they will also redirect to HTTPS.
If this wasn't the case, your DNS hijacking would work fine. Now, though, you have to have a certificate that is trusted on the client computer.

Kind of annoying and can't be solved without access to that machine.
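
For site operators, the browser HSTS list mentioned in the last post is fed by the Strict-Transport-Security response header. The following is an added example, not part of the thread: it parses a header value per RFC 6797 and checks it against the preload list's submission requirements (max-age of at least one year, includeSubDomains, preload). The function names and sample headers are constructed for illustration.

```python
"""Parse a Strict-Transport-Security header and check HSTS preload readiness."""

ONE_YEAR = 31536000  # minimum max-age accepted for preload submission


def parse_hsts(value):
    """Return a dict of directives, or None if the header is invalid (RFC 6797)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip().strip('"')  # values may be quoted strings
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = arg
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives


def preload_problems(value):
    """List reasons the header would not qualify for browser preload lists."""
    d = parse_hsts(value)
    if d is None:
        return ["header is invalid, browsers will ignore it"]
    problems = []
    if d["max-age"] < ONE_YEAR:
        problems.append("max-age is below one year")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains is missing")
    if "preload" not in d:
        problems.append("preload is missing")
    return problems


if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for header in ("max-age=63072000; includeSubDomains; preload",
                   "max-age=3600",
                   "max-age=31536000; max-age=0"):
        print(repr(header), "->", preload_problems(header) or "ok")
```

A host that sends the header but is not on the preload list is only protected after the browser's first successful HTTPS visit, which is why the preload directive matters.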