Test web apps on iOS by DNS spoofing your LAN with Ettercap

Problem

One of the things that annoys me is the fact the I can’t change the “/etc/hosts” file in the iOS (except if you jailbreak, I know I know).
I say this because I have lots of web apps in my local linux server that I would love to test it on mobile devices.

I normally add a virtual host for each site on Apache. However in order to make this work on my local computers, I need to change the file “/etc/hosts” and add something like

...
192.168.1.3 local.myapp.com

And every time I go to my desktop browser and type http://local.myapp.com/ this request is going to be redirected to 192.168.1.3 where my apache is installed.

Well, this is all fine and dandy, but you can’t do this on iOS (Again, not without jailbreaking it…) .

So how do you solve this?

Alternative solutions…meh…

There are various ways of solving it.
Some people install a proxy server like Squid, others install a DNS server like BIND.

Personally, I think this is a little bit overkill. I don’t want to configure proxies on and off on Safari, in my case I have an iPhone and an iPad, I would need configure both every time I needed to test it. And I definitely don’t want to waste time managing a DNS server, plus wasting system resources for such sporadic testing.

My solution

So what do you do ?
You hack your own LAN for fun and (possibly) profit.

What I do is, I “attack” my own LAN computers by performing a MITM (man-in-the-middle) attack and DNS spoofing the living shit out of my target router clients with Ettercap.

POC

The first thing you want to do is to install Ettercap in your Linux box.
I’m using Debian dist, but I know you can install it on OSX and Windows as well.

Install ettercap

$ sudo apt-get update && apt-get install ettercap

Enable IP forwarding

$ echo 1 > /proc/sys/net/ipv4/ip_forward

Edit /usr/share/ettercap/etter.dns

$ sudo vim /usr/share/ettercap/etter.dns

Add a new entry for your local domain host

...
################################
# My local web sites
#
local.myapp.com       A       192.168.1.3
*.myapp.com           A       192.168.1.3

192.168.1.3 should be the IP address of your local server where Apache is installed.
Save the file and quit to shell.

Start ettercap

$ sudo ettercap -i eth0 -T -q -M ARP:remote -P dns_spoof /192.168.1.5/ //

Make sure to change the IP address to match the one in your iPad/iPhone.
If you don’t know your IP, just touch in “Settings” > “Wi-Fi” > and touch in the blue arrow circle icon.

wi-fi-settings

If you want to, you can target your whole LAN by using:

$ sudo ettercap -i eth0 -T -q -M ARP:remote -P dns_spoof 

After your entered that command you should see something like this:

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Listening on eth0... (Ethernet)

  eth0 ->	00:0C:29:90:8D:1F       192.168.1.3     255.255.255.0

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

6 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : 192.168.1.5 64:20:0C:06:FC:FB

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

Activating dns_spoof plugin...

BAM ! We are all set, now open Safari in iPad/iPhone and visit http://local.myapp.com/ you should be seeing your local website.

This should show up in the shell terminal:

...
dns_spoof: [local.myapp.com] spoofed to [192.168.1.3]

Press ‘q’ to quit Ettercap.

Note: When you quit Ettercap, iOS will still cache this new IP. So make sure you refresh again your connection to flush you DNS cache when you no longer need it.

Erm…not working dude.

– Make sure you flush your DNS cache on iOs. You can do this by restarting your wi-fi connection. Sometimes it requires a few tries before it actually gets to work.

– Try the “ping” command and see if it’s pinging the right host.

Conclusion

And that’s it, for some it may seem a bit complicated, but remember that after the installation and configuration, you just need to run one command.

I think this is a much easier and cleaner way of testing websites with a virtual-host organisation.

Have another approach on this ? Leave it in the comments below.

  8 comments for “Test web apps on iOS by DNS spoofing your LAN with Ettercap

  1. Anthony Somerset
    January 29, 2013 at 8:04 pm

    I use a fanless mini itx atom box an run pfsense on it as a router. It had a DNS forwarder feature that does exactly what’s needed. It acts as network DNS and forwards up you your preferred DNs servers or ISP DNS and for any values you set in the forwarder it returns the specified ip. It can even bypass whole zones to a specific DNs server if you preferred

    That said. A lot of better routers on the markets nowadays have similar functions built in or you can flash them with tomato or dd-wrt which can do similar

    • Henrique B.
      January 29, 2013 at 10:34 pm

      I used to add my old Linksys with dd-wrt, it’s was pretty awesome. I miss it :(

  2. February 13, 2013 at 10:59 pm

    I really desire to book mark this particular article, “Test web apps on iOS by DNS spoofing your LAN with Ettercap
    | Henrique Barroso” on my website. Do you really care if I actuallydo?

    Thank you ,Denisha

  3. March 3, 2013 at 6:55 am

    Spot on with this write-up, I really think this site requirements a lot more consideration. I’ll quite possibly be once again to read much more, thanks for that information.

    christian louboutin sale

  4. John
    January 28, 2014 at 12:58 pm

    You could consider using http://xip.io/

  5. February 18, 2014 at 11:23 am

    Commonly I really don’t find out document for information sites, however i desire to declare that this specific write-up extremely compelled me personally for you to do it! Your composing taste is shocked everyone. Many thanks, fairly good post.

  6. March 9, 2014 at 6:56 am

    howdy! , I like your own producing a lot! talk about most of us speak additional approximately your content on America online? We demand an expert to the picture to end my own dilemma. Might be that may be a person! Looking in front to check a person.

  7. Adam
    March 19, 2014 at 4:23 pm

    Thanks for a great tip! This seems like the best solution to testing local apps by far.

    I’m running OSX and haven’t managed to get it working yet. I’ve installed ettercap via Homebrew, and I’ve got it up and running. However, I’m not reaching my local sites from the phone and ping from the device results in “unknown host”. The IP is correct (when I turned wifi on and off on the phone it was displayed in ettercap in the terminal: DHCP: [XX:XX:XX:XX:XX:XX] REQUEST XX.XXX.XX.XX).

    One thing that I might have done differently than you is the etter.dns file. Ettercap was installed in homebrew/share/ettercap and there was no ettercap.dns file there, so I created it myself and added the ip info from your example. Perhaps it’s not being used? Any tips?

    Btw, the IP address in your example:
    “local.myapp.com A 192.168.1.3″
    Is the IP address the localhost address (i.e. normally 127.0.0.1) or the ip address of the computer running apache?

Leave a Reply

Your email address will not be published. Required fields are marked *