EvilZone

Hacking and Security => Beginner's Corner => : gogia1 September 16, 2015, 04:22:19 PM

: dns hijacking facebook
: gogia1 September 16, 2015, 04:22:19 PM

i'm trying dns hijacking, i've configured dns server added zone file, when i typed facebook.com in browser addres bar i've got (http://s7.postimg.org/t2d2r756j/Untitled.png) (http://postimg.org/image/7fy2a66lz/full/)
is there any way to bypass ?

: Re: dns hijacking facebook
: iTpHo3NiX September 16, 2015, 07:07:00 PM

The reason for this is because your certificate is not validated. It's always going to appear

: Re: dns hijacking facebook
: flowjob September 16, 2015, 08:19:50 PM

: iTpHo3NiX  September 16, 2015, 07:07:00 PM

The reason for this is because your certificate is not validated. It's always going to appear

OP could always install his own root certificate on the target computer, but that would require admin access.
If that's a feasible way depends on what he wants to archieve. If he wants any live information or plans to spoof multiple websites to steal info this would be a way to do it. If, on the other hand,  OP just wants facebook credentials it would be easier to get them from the browsers saved passwords.

: Re: dns hijacking facebook
: xor September 17, 2015, 05:17:36 AM

Certain websites are in all browsers HSTS list.

This means that even if you browse to them using HTTP, they will also redirect to HTTPS.
If this wasn't the case, your DNS hijacking would work fine, now though, you have to have a certificate that is trusted on the client computer.

Kind of annoying and can't be solved without access to that machine.