On Thu, 16 Dec 2004 06:36:28 +1000, Quark IT - Hilton Travis
<hilton at quarkit dot com dot au> wrote:
> > In your 192.168.1.2 webserver
> > you create similar content for yahoo.
> > When your users type yahoo.com in your browser,
> > they will be redirected to 192.168.1.2 unknowingly
> > your users sign in to the spoofed yahoo site.
> > I've never done this, so any comments?

What Hilton said is exactly right.

But if you want to capture somebody's Yahoo username and password, as
in your example, if you already control the firewall you could do it
with a whole lot less effort by just capturing the data as it passes the
wire. Yahoo, by default, doesn't use SSL, so it's trivial to pick

Even with SSL, in that position it's easy enough to pull a
man-in-the-middle attack of sorts on the SSL with the very slick dsniff
suite's webmitm. Ditto for SSH.

You could set up DNS overrides for the domains you want to hijack and
avoid the use of dnsspoof in dsniff, so it could assist you some in

Plenty of ways to do it, all illegal unless properly authorized or
done to yourself on your own network, but the last of which I'd mess
with would be recreating a Yahoo lookalike and redirecting the DNS.