Advanced Phishing: Cloning Fully Functional Sites

ltx_Lazzarus
Posts: 55
Joined: Tue Apr 09, 2024 8:05 pm

Post by ltx_Lazzarus » Mon Apr 29, 2024 6:39 am

When we're doin' a phishin' attack on a website, the usual go is to clone the interface, makin' the victim think they're on the real site. Normally, this fake site doesn't have any functionality, so the victim might twig that somethin' dodgy is goin' on.

Today I'll tell ya about a ripper tool that aims to fix this problem. How it works is simple: we map the subdomains we wanna impersonate, so we need the victim to visit the site with the spoofed DNS. The tool will change the DNS and connect to the real site, so the original functionality is kept.

REQUIREMENTS:
We need node.js v6 or higher, so in this case, we'll use ArchLinux. First up, we install npm, the node package manager:

Code:

sudo pacman -Syu npm

We clone the repo:

Code:

git clone https://github.com/compewter/CopyCat

Now, we go into the directory and install the dependencies:

Code:

npm install

And that's it, just need to fire up the server. Before that, we adjust the settings in the .env file. In this file, we map the subdomains and set the port the service will listen on. In the example, let's say we're impersonating google.com, it would look like:

Code:

http://us-west-1.google.com -> http://google.com
http://us-west-2.google.com -> https://google.com
http://us-west-3.google.com -> http://www.google.com
http://us-west-4.google.com -> https://www.google.com

Once we've edited and mapped the subdomains, we start the service with:

Code:

sudo node server.js

Let's edit our /etc/hosts to test it properly, adding something like:

Code:

127.0.0.1 us-west-1.google.com
127.0.0.1 us-west-2.google.com
127.0.0.1 us-west-3.google.com
127.0.0.1 us-west-4.google.com

Now we open a browser and go to https://us-west-4.google.com. We can see in the terminal all the steps we're taking.
stopthe4ttack.box