Spoofy Domains

Here's the situation:

I'm developing a website. Once it's ready (they are never "finished") I will copy the whole thing over to the real server and it goes live. What I have here is a test site.

To make matters a whole lot easier, I keep it in the root of my local webserver, this allows me to always link pages relative to root (e.g. "https://domain.org/testpage.com"), like the real web server. I like things simple, and wherever possible; to replicate the exact same environment as the live server.

There is one obvious limitation. Uploading is only the beginning of a website, and I'll want to keep these local mirrors up and running; for experimentation, for back-up, for lots of things. So I have a *lot* of mirrors, and only one server "root"! What to do?

The clever Apache team came up with a solution to this problem a long time ago, allowing a single real host to serve hundreds, even thousands of sites, all from a single physical server, it's called "virtual hosts", and in my local httpd.conf, it might look something like this..

a simple apache virtual host:
<VirtualHost *>
  ServerName corzorg
  DocumentRoot "/home/www/corz"
  DirectoryIndex index.html index.php
</VirtualHost>

This is called a "name-based virtual host". The DocumentRoot becomes the real root of the virtual domain. You can have as many as you like, they can even be mounted network shares, so long as apache can get to the directory.

This configuration data usually lives in the httpd.conf, but if you have a few virtual hosts it makes sense to put them in a separate file and tell Apache to include it in your main configuration with an include statement in your main httpd.conf file..

an httpd.conf include:
Include /private/etc/httpd/vhosts.conf

So far so good. Our Apache is now (after a graceful restart) happily listening for requests for our spoof web site. Trouble is it won't get any, the requests won't get to it. Typing corzorg into my browser would get me no more than a big "address not found" error from my local friendly DNS server. For this to taste all Royale Wid Cheese, we still need the main ingredient..

That pesky DNS..

DNS is magical. It's what keeps the whole internet working. Domain Name Servers translate domain names into addresses, addresses into names. There are thousands of them all over the internet doing this one job day-in-day-out, usually in pairs, in case one breaks down.

Unless you have pure geek-blood running through your veins, the last thing you want to go messing around with is DNS. The BIND config is a hellish file. Misconfigured it could not only screw up your network, but the networks connected to your network, and all the way up the internet. Big fun. (okay, that's a slight exaggeration)

But we need DNS. Without it we'd all have to remember addresses like "63.79.80.155" instead of something cute, like cc.com. Between them, the name servers of the world keep this vast database current, the name to IP translations that is the road map of internet.

Because of DNS, you can drop a packet of data addressed to cc.com in one end of the internet, and it shoots off hop to hop, passes along the IP chain and lands in its exact destination, sort of like a postal service, but a helluva lot faster. That's how your web browser finds web sites.

Now Apache, being a highly cool web server, will serve up any old spoof web site you give it, if, and only if, it has a valid DNS. And unless you have money to burn, buying a few dozen domain names just for testing web sites isn't a feasible option. At any rate, it's a foolish one, there is a far better way..

The clever bit (at last!)

If you came here from the Kill Ads page, then you'll remember that our system begins looking for domain names locally, and only if it doesn't find match here will it look farther afield; so, we supply a match. Apache doesn't know it's only a dummy.

If the operating system can be directed to 127.0.0.1 when ad.sex.com is asked for, then surely, I pondered, it could be directed to back here if I asked for "corzorg", too! Or any domain you like! My own "myhosts" file begins like this..

simple LAN DNS:
192.168.1.      2C
192.168.1.250   oshi
192.168.1.1     tukay
192.168.1.100   soho
192.168.1.3     imac

These are the permanent machines in my workshop LAN. The samba workgroup is called 2C, hence the first line (this is optional). If you don't know how to add hosts, read the zap ads good page.

It helps to have a system right from the start. My Linux file server is now known as "soho". From this point onwards, I can get there using soho instead of the old 192.168.1.100. And not just in a web browser either, this works for the whole system; ssh logins, sessions on the±wire, samba shares, NFS, wherever you might type a long address.

It get's better. Remember the Apache virtual hosts? By simply adding a few custom hosts, we can create those "valid" (though fake) DNS we needed. This line would create the necessary host entry for the example virtual host at the top of this page.

our virtual host, DNS-side:
192.168.1.3 corzorg

You might want to use 127.0.0.1 for the address, I use the 192.168. address because there's a lot of lines in my myhosts file, and the data is shared with other platforms, other machines. You can point the addresses to any IP on your network, or even outside it; it's only your own computers you're fooling!

Check this..

big fun! (image of my browser address bar filled with a highly cool home-made TLD)

Simply typing corzorg into my web browser's address bar takes me straight to site number one; my corz.org experimental test mirror. When I want to check out the real online version (the one you are reading now) I just add a dot!

Actually, since the time of writing, I have started using my ath.cx address for my local test mirror, and so it's not so simple as adding a dot. It's simpler; I made a "bookmarklet", the text is simply..

enter this into the "Location" of your bookmark:
javascript:void(location.href=location.href.replace(/ath.cx/i, %22org%22))

Except with your own domain names, of course. Clicking the bookmark(let) (I have it visible in my bookmarks toolbar) automatically loads the live version. I have another bookmarklet that goes the other way.. As I said above, I have a stack of dummy hosts here, they come and go, mostly come, as projects and test sites and clients and all the rest are added to the mix. It helps to have a system from the start; having two web servers on my LAN, I tend to use some servername-project combination, stuff like this..

myhosts sample:
192.168.1.3 corztex
192.168.1.3 corztex.com
192.168.1.3 www.corztex.com

192.168.1.3 corzdev
192.168.1.3 corzdev.com
192.168.1.3 www.corzdev.com

192.168.1.100 corznuke
192.168.1.100 corznuke.org
192.168.1.100 www.corznuke.org

192.168.1.100 arcsoho
192.168.1.100 arcsoho.org
192.168.1.100 arcsoho.com

192.168.1.100 sohobb
192.168.1.100 sohobb.org
192.168.1.100 www.sohobb.org
192.168.1.100 sohobb.com
192.168.1.100 www.sohobb.com

That's it! So long as you have your hosts sorted out, all requests to that address will be served by your local Apache server, or wherever you specify. And you won't screw up the whole internet doing it! Just Kidding! By the way, the www. variants are usually there to do no more than test if the www removal mod_rewrite is working!

Of course, you can load remote share paths into your Apache virtual hosts too, any mounted volume. Yummy for testing. The possibilities are endless! For sure, once you get used to typing cute names instead of ugly IP addresses, you will not want to go back.

One notable side-effect, and a pleasant one, is that your browser can store site-specific username/password combinations for all your different fake domains, so testing multiple phpbb or nuke installations is made considerably less frustrating.

Have fun!

;o) corz.org

Welcome to the comments facility!


previous comments (two pages)   show all comments

corz - 05.11.05 12:44 pm

Thanks ak. It simply sounds like the DNS lookup order is wrong. OS X needs to be told where to look for the DNS information, or rather, told not to look.

Did you change that yet, as per the hosts page?

;o)


mark - 08.02.09 6:35 am

wats out...


Jason - 13.04.09 4:40 am

Thanks for this tutorial... this is great information. However, I'm running into problems.

I think I'm really close to success. I've tried entering a line such as
192.168.1.3	test
as part of my hosts file, but now, when I type test into my address bar, Safari simply tries to find the web server at 192.168.1.3... and there isn't one.

I feel like there may be a huge gap in my knowledge. I don't really know much about LANs.. as far as I know, I don't even have one. Is there something simple, like "You idiot, of course you need an LAN!"? I feel very in the dark.

My httpd.conf file includes this, by the way:
<VirtualHost *>
        ServerName test
        DocumentRoot "/Library/WebServer/Documents/test"
        DirectoryIndex index.php index.html
</VirtualHost>


This question may help identify my cluelessness: I know that Apache needs a spoofed domain name to work, but once Safari encounters the spoofed domain name, how does it know to go to Apache for the site content?

Thanks again for the article. I hope you'll spare the time to help me out.

It "knows" because it's a web request, and by default they are on port 80. Assuming everything is setup correctly, all requests to that IP, on port 80, will be served up by the running Apache.

But before you do all that, you will need to ensure the server IS working correctly. If the server is running on your desktop machine, the easiest way to test this is from http://localhost. Once you are certain it works fine, then you can play with outside access (don't forget the firewall!) and those lovely named hosts.

;o)



sezar - 21.06.09 10:55 am

thanksssssssssssssss


Alex Pearce - 14.09.09 5:15 pm

On OS X 10.6 (and probably 10.5) the only thing I had to do to get this working was create an entry in the /etc/hosts file:

127.0.0.1 spoofyname

Using MAMP to create a local testing environment, that's all there is to it.


David M. - 20.11.09 4:35 pm

<LMAO!>"And you won't screw up the whole internet doing it!"</LMAO>

<REAL!>Dude I'm so linking to your site from http://www.runfatcat.com/ </REAL>

smiley for ;)

<SIGNATURE>
David M.
</SIGNATURE>

smiley for :D


oldblue - 04.06.11 7:32 am

Nice tips would love to learn more about how to spoof porn mainly bbw pay sites how do ppl obtain siterips? Thanx mainly for knowledge and personal pleasure. need to know one day ill be in a mountain when the bombs drop need lotion and lots of porn backed up and shielded from emp falloutsmiley for :eek:smiley for :lol:

Site rips are usually achieved with a clever curl/wget spider script (Google that), or for the more lazy, something like Teleport Pro (on windows) will do a fairly decent job. ;o)



zennit - 06.12.11 3:21 am

any ideas how to get it working on a laptop so that when i'm on my lan it uses the local ip and when i'm not it uses remote ip?

Most laptops have a location capability, you can alter settings based on where you are/what network you are plugged into. Or else use your router/gateway to handle the assigning of IP addresses; when you are not connected to it, the laptop will revert to the other (remote IP) setting. ;o)



a female faust - 25.08.14 2:59 am

the definitive post on etc/hosts
(believe me i've read more than a few)
a patient tutorial on spoofs ad-vert-sorial,
corzdotorg's is witty as well;
and -- it passes my test -- at last, lookupd success!
and i learned all these other things too?
the advice on this site just very well might
be as much better as is ice cream from hell








just for fun. love the winking winker icon. love your style. you're invited for dinner, just drop me a line: i'd love to return the favor.


The problem is that I recently broke this page's code output, wrapped the scripts. Didn't you notice! ;o)



a female faust - 25.08.14 3:03 am

for now, one of my hack-friendly posts will do....


glad i could make that link active, noticed after i hit publish....
(wow, edit your most recent comment, now that's hot)


There's a subtlety to the cutting-edge technologies working here at corz.org, that most people don't get (many common occurences out there started humbly here, and usually with the code available as a zip). Yes, humans can post what they like (GB's of auto-posted-spam hits my dump file every day), even live links; I get a mail of the contents, brings me here.

Links I generally genericize, unless I really like the content, which I did, so left it alone. Parts I thought, "this could be me writing this, or did I?".

If I'm in your area hungry, you'll be hearing from me.

;o)



a female faust - 17.09.14 8:08 am

you and your crew -- a few days or a week notice is best --

well its been a while, but i had to come back, because i was able to ixnay the essmay that is triggered by a bad myspace cert - - frequent enough to annoy. too lazy to find out why the f myspace is being called for a cnet download, i thought, hey, could i add it to my hosts file?

then i thought, nah, i prolly forgot how...

but your instructions were *so good* that all i had to do was cd over to etc, nano the hosts file, add myspace, look at the header where i noted the commands like you said, you smart lazy person you, and save -- well, and exit, cd back up one level, rm old hosts, nano hosts in my home folder, save, and ditto it into etc, because i find that easier than changing permissions; cd back down into etc, run those commands, et motha-effin voila.

no cert alerts!

so appreciative that i could do this *without even coming back here* that i just had to come back to tell you, in doggerel of course. (should be caterel, for me).


i thought i had already appreciated
your suggestions when they first came up on my screen
but the compliments already stated
compared to how i feel now, seem simple and mean

because, where such teaching is needed,
the necessary abilities you doubtless possess
by nature or nurture, i have at last succeeded
in stopping the annoying cert-alert's mess......

*ahem*

i will even use a smiley.
smiley for :roll:...
thanks,
a female faust.


ps why are words like cnet highlighted like links? o wait, i saw the 'improbable' note....


First, confirm that you are human by entering the code you see..

(if you find the code difficult to decipher, click it for a new one!)


Enter the 5-digit code this text sounds like :

lower-case ess, Upper-Case Bee, sicks, lower-case jay, Upper-Case Em


 

Welcome to corz.org!

I'm always messing around with the back-end.. See a bug? Wait a minute and try again. Still see a bug? Mail Me!