Ok so I'm trying to learn this quickly because I only have 2 days to do it.

I created a fake login page on apache but I can't seem to redirect any requests to it. I've tried dnsspoof, ettercap and bettercap and all of them tell me that they are sending the spoofed requests but the target device still loads the original page instead of the spoof one.

The page I'm trying to spoof does have hsts and maybe that makes it impossible?

Just in case anyone has a better idea, this is the setup available.
ISP -to- 3rd party reseller with a mikrotik router - to - a cheap ass $10 router - to - basic repeater.

I can run the arp poisoning no problem, I can see all incoming and outgoing requests (obviously without endpoint on https) I just can't seem to redirect anything and I would like to know what would make this possible? is there any router settings (on a better router) which would make it possible like static routing or something since I can't seem to get dns requests redirected?

Sorry for probably basic beginner questions but I'm just struggling with it and any help would be appreciated.

What commands have you tried? Perhaps the target device has dns cached so its using that first rather than your spoofed request.

I thought about cached dns but I flushed it on the target.

Basically on bettercap
net.probe on
set arp.spoof.fullduplex true
set arp.spoof.target 192.168.x.x
arp.spoof on
set net.sniff.local true
net.sniff on
hstshijack/hstshijack
set dns.spoof.all true
set dns.spoof.domains with list of domains

I just don't understand it, the terminals even say sending spoofed requests to the device and every single one open the original page.

I checked arp is correct which it is but when I checked nslookup the original ip's are showing

Make sure youre not using a vpn, and your firewall is off otherwise it wont work.

(September 5, 2022, 09:29 AM)interim Wrote: Ok so I'm trying to learn this quickly because I only have 2 days to do it.

I created a fake login page on apache but I can't seem to redirect any requests to it. I've tried dnsspoof, ettercap and bettercap and all of them tell me that they are sending the spoofed requests but the target device still loads the original page instead of the spoof one.

The page I'm trying to spoof does have hsts and maybe that makes it impossible?

Just in case anyone has a better idea, this is the setup available.
ISP -to- 3rd party reseller with a mikrotik router - to - a cheap ass $10 router - to - basic repeater.

I can run the arp poisoning no problem, I can see all incoming and outgoing requests (obviously without endpoint on https) I just can't seem to redirect anything and I would like to know what would make this possible? is there any router settings (on a better router) which would make it possible like static routing or something since I can't seem to get dns requests redirected?

Sorry for probably basic beginner questions but I'm just struggling with it and any help would be appreciated.

Turn off VPN maybe.

If HSTS was problem, you would see security and invalid certificate warning.

I think is configuration problem. Did you arp spoof victim's local DNS server or you trying to arp spoof the target page?