Spoofy Domains

Here's the situation:

I'm developing a website. Once it's ready (they are never "finished") I will copy the whole thing over to the real server and it goes live. What I have here is a test site.

To make matters a whole lot easier, I keep it in the root of my local webserver. This allows me to always link pages relative to root (e.g. "https://domain.org/testpage.com"), like the real web server. I like things simple and, wherever possible, to replicate the exact same environment as the live server.

There is one obvious limitation. Uploading is only the beginning of a website, and I'll want to keep these local mirrors up and running; for experimentation, for back-up, for lots of things. So I have a *lot* of mirrors, and only one server "root"! What to do?

The clever Apache team came up with a solution to this problem a long time ago, allowing a single real host to serve hundreds, even thousands of sites, all from a single physical server. It's called "virtual hosts", and in my local httpd.conf, it might look something like this..

a simple apache virtual host:
<VirtualHost *>
  ServerName corzorg
  DocumentRoot "/home/www/corz"
  DirectoryIndex index.html index.php
</VirtualHost>

This is called a "name-based virtual host". The DocumentRoot becomes the real root of the virtual domain. You can have as many as you like; they can even be on mounted network shares, so long as Apache can get to the directory.

This configuration data usually lives in the httpd.conf, but if you have a few virtual hosts it makes sense to put them in a separate file and tell Apache to include it in your main configuration with an include statement in your main httpd.conf file..

an httpd.conf include:
Include /private/etc/httpd/vhosts.conf

So far so good. Our Apache is now (after a graceful restart) happily listening for requests for our spoof web site. Trouble is it won't get any, the requests won't get to it. Typing corzorg into my browser would get me no more than a big "address not found" error from my local friendly DNS server. For this to taste all Royale Wid Cheese, we still need the main ingredient..

That pesky DNS..

DNS is magical. It's what keeps the whole internet working. Domain Name Servers translate domain names into addresses, addresses into names. There are thousands of them all over the internet doing this one job day-in-day-out, usually in pairs, in case one breaks down.

Unless you have pure geek-blood running through your veins, the last thing you want to go messing around with is DNS. The BIND config is a hellish file. Misconfigured it could not only screw up your network, but the networks connected to your network, and all the way up the internet. Big fun. (okay, that's a slight exaggeration)

But we need DNS. Without it we'd all have to remember addresses like "63.79.80.155" instead of something cute, like cc.com. Between them, the name servers of the world keep this vast database current, the name to IP translations that is the road map of internet.

Because of DNS, you can drop a packet of data addressed to cc.com in one end of the internet, and it shoots off hop to hop, passes along the IP chain and lands in its exact destination, sort of like a postal service, but a helluva lot faster. That's how your web browser finds web sites.

Now Apache, being a highly cool web server, will serve up any old spoof web site you give it, if, and only if, it has a valid DNS. And unless you have money to burn, buying a few dozen domain names just for testing web sites isn't a feasible option. At any rate, it's a foolish one, there is a far better way..

The clever bit (at last!)

If you came here from the Kill Ads page, then you'll remember that our system begins looking for domain names locally, and only if it doesn't find a match here will it look farther afield; so, we supply a match. Apache doesn't know it's only a dummy.

If the operating system can be directed to 127.0.0.1 when ad.sex.com is asked for, then surely, I pondered, it could be directed to back here if I asked for "corzorg", too! Or any domain you like! My own "myhosts" file begins like this..

simple LAN DNS:
192.168.1.      2C
192.168.1.250   oshi
192.168.1.1     tukay
192.168.1.100   soho
192.168.1.3     imac

These are the permanent machines in my workshop LAN. The samba workgroup is called 2C, hence the first line (this is optional). If you don't know how to add hosts, read the zap ads good page.

It helps to have a system right from the start. My Linux file server is now known as "soho". From this point onwards, I can get there using soho instead of the old 192.168.1.100. And not just in a web browser either, this works for the whole system; ssh logins, sessions on the wire, samba shares, NFS, wherever you might type a long address.

It gets better. Remember the Apache virtual hosts? By simply adding a few custom hosts, we can create those "valid" (though fake) DNS entries we needed. This line would create the necessary host entry for the example virtual host at the top of this page.

our virtual host, DNS-side:
192.168.1.3 corzorg

You might want to use 127.0.0.1 for the address, I use the 192.168. address because there's a lot of lines in my myhosts file, and the data is shared with other platforms, other machines. You can point the addresses to any IP on your network, or even outside it; it's only your own computers you're fooling!

Check this..

big fun! (image of my browser address bar filled with a highly cool home-made TLD)

Simply typing corzorg into my web browser's address bar takes me straight to site number one; my corz.org experimental test mirror. When I want to check out the real online version (the one you are reading now) I just add a dot!

Actually, since the time of writing, I have started using my ath.cx address for my local test mirror, and so it's not so simple as adding a dot. It's simpler; I made a "bookmarklet", the text is simply..

enter this into the "Location" of your bookmark:
javascript:void(location.href=location.href.replace(/ath\.cx/i, %22org%22))

Except with your own domain names, of course. Clicking the bookmark(let) (I have it visible in my bookmarks toolbar) automatically loads the live version. I have another bookmarklet that goes the other way..

As I said above, I have a stack of dummy hosts here; they come and go, mostly come, as projects and test sites and clients and all the rest are added to the mix. It helps to have a system from the start; having two web servers on my LAN, I tend to use some servername-project combination, stuff like this..

myhosts sample:
192.168.1.3 corztex
192.168.1.3 corztex.com
192.168.1.3 www.corztex.com

192.168.1.3 corzdev
192.168.1.3 corzdev.com
192.168.1.3 www.corzdev.com

192.168.1.100 corznuke
192.168.1.100 corznuke.org
192.168.1.100 www.corznuke.org

192.168.1.100 arcsoho
192.168.1.100 arcsoho.org
192.168.1.100 arcsoho.com

192.168.1.100 sohobb
192.168.1.100 sohobb.org
192.168.1.100 www.sohobb.org
192.168.1.100 sohobb.com
192.168.1.100 www.sohobb.com

That's it! So long as you have your hosts sorted out, all requests to that address will be served by your local Apache server, or wherever you specify. And you won't screw up the whole internet doing it! Just Kidding! By the way, the www. variants are usually there to do no more than test if the www removal mod_rewrite is working!
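A hosts entry is trusted by everything on the machine, not only the browser, and any name pointed at the web server without a matching ServerName or ServerAlias is answered by the first virtual host Apache has defined. The audit below is an added example, not code from corz.org; the sample files, the `audit` helper and the `corztex.test` alias are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data in the style of the page's myhosts and vhosts files.
HOSTS = """\
192.168.1.      2C
192.168.1.100   soho
192.168.1.3     corzorg
192.168.1.3     corztex corztex.com www.corztex.com
203.0.113.9     corzdev.com
"""
VHOSTS = """\
<VirtualHost *>
  ServerName corzorg
</VirtualHost>
<VirtualHost *>
  ServerName corztex
  ServerAlias corztex.com corztex.test
</VirtualHost>
"""
# Loopback plus the RFC 1918 private ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I | re.M)

def parse_hosts(text):
    """Return ({name: address}, [unparseable lines]) for hosts-file text."""
    entries, bad = {}, []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            bad.append(line.strip())
            continue
        entries.update((name.lower(), addr) for name in fields[1:])
    return entries, bad

def audit(hosts_text, conf_text, server_ip):
    """Cross-check hosts entries against ServerName/ServerAlias (exact names only)."""
    entries, bad = parse_hosts(hosts_text)
    served = {n.lower() for m in NAME_RE.finditer(conf_text) for n in m.group(1).split()}
    here = {n for n, a in entries.items() if a == ipaddress.ip_address(server_ip)}
    return {"malformed": bad,
            "non_local": sorted(n for n, a in entries.items()
                                if not any(a in net for net in LOCAL_NETS)),
            "default_vhost": sorted(here - served),  # falls back to the first vhost
            "unresolvable": sorted(served - entries.keys())}
```

Run it as `audit(HOSTS, VHOSTS, "192.168.1.3")`: `non_local` lists names that silently leave the LAN, and `default_vhost` lists names that reach Apache but land on the wrong site.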

Of course, you can load remote share paths into your Apache virtual hosts too, any mounted volume. Yummy for testing. The possibilities are endless! For sure, once you get used to typing cute names instead of ugly IP addresses, you will not want to go back.

One notable side-effect, and a pleasant one, is that your browser can store site-specific username/password combinations for all your different fake domains, so testing multiple phpbb or nuke installations is made considerably less frustrating.

Have fun!

;o) corz.org

Welcome to the comments facility!


Spoofy - 30.11.04 11:58 pm

I like spoofing, it's my main activity


corz - 01.12.04 3:05 pm

who said that? :ken:

;o)


HEMOglobina - 09.04.05 4:33 pm

Great article! Thank you very much! Unfortunately I don't have OS X available for me to work on. Could you please point me to any location where I could learn how to accomplish that using Win2003?
Thanks a lot once again,
HEMOglobina


corz - 10.04.05 4:02 pm

Well, HEMOglobina, the principle is the same no matter the platform. To achieve this on Windows (2000/XP) simply edit the details into your host file, which should be..

C:\WINDOWS\system32\drivers\etc\lmhosts

or some folks use..

C:\WINDOWS\system32\drivers\etc\hosts

There are advantages and disadvantages to using either file, but I personally use lmhosts, as the syntax is more flexible. Once you've made the edits, open the properties for your local network connexion, and go to TCP/IP > Advanced > WINS and import the lmhosts file, or simply reboot.

Now you have spoofy hosts! You may want to google for an application called "Hostess", which makes the process at least partly automatic. It's designed for "ad hosts", but it's all the same, really.

Have fun!

;o)


ak - 03.11.05 3:03 am

I really like your article but it doesn't seem to be working for me. I'm currently running 10.3.9 Panther on my G5. Just enabled DNS and confirmed that named is working correctly. I set up Kerberos on my Linux box, which is named krb on my LAN, and I'm trying to log in as a Kerberos client to the Linux box from my G5 named panther; however, it's complaining that "realm is not exsting", which I think is it complaining that it doesn't find the host krb. I put krb in my /etc/hosts file with its IP 192.168.11.7, and I followed your tip above as well. But when I type "host krb" it's trying to look up the DNS list instead of the netinfo file.

panther:/Users/ak root# host krb
Host krb not found: 3(NXDOMAIN)

Could you please help me set up DNS correctly? Thanks much.


corz - 05.11.05 12:44 pm

Thanks ak. It simply sounds like the DNS lookup order is wrong. OS X needs to be told where to look for the DNS information, or rather, told not to look.

Did you change that yet, as per the hosts page?

;o)

