another spoof domain

Spoof Domains
step by step..

(apply brakes here)

I was about to create a new spoof virtual domain for my LAN, and it occurred to me.. "I should write down the steps I take, save someone else doing it, save time".

So, here goes..

1: Create the fake host..

Every machine you wish to fool, needs to have host entry for your spoofy domain. Let's call this spoof domain "arc". The host file entry would simply be..

  192.168.1.100  arc

See here for details of how to add hosts to your particular machine.

I have one central hosts file that I import into all the different machines. I find this easier to maintain. A local DNS server is another option (or, as suggested by Druid; add the entry to your local nameserver's hosts file, if you have one).

Typing arc into any local browser will now point the it to the Apache server, which will completely ignore the request, until we..

2: Create a virtual host in apache config..

I keep mine in a vhosts.conf file, right next to the httpd.conf (I use an include statement to pull the directives in). The "arc" entry goes something like this..

	<VirtualHost *>
	  ServerName  arc
	  ServerAlias  arc.com arc.org
	  ServerAdmin  corz@corzoogle.com
	  DocumentRoot  "W:/tech/dev"
	  DirectoryIndex  index.html index.php
	  ServerSignature  Email
	</VirtualHost>
Note the aliases, (handy for testing rewrite rules and such). You can add as many aliases as you like, so long as you also create corresponding host entries for each (step 1). Also note, this entry is for a Windows® Apache server; I figured it was about time to do a Windows-orientated article. Really, only the DocumentRoot directive is different.

3: Restart apache..

Sadly I don't have the "corzweescriptpack" for windows, although I do have a righteous /unix subtree on my windows box! Aye, I mean emacs, tcsh, ls, tar, the works! That's right! I do ls to get directory listings on my peecee! Oh Joy of UNIX!

However, Apache for windows comes with a whole host of useful shortcuts, so restarting's a breeze; apache also installs as a system service, handy. On UNIX/Linux, your usual apachectl command will be fine. On Mac OS X, use corzweescriptpack! .. ra

We're done!

This is what we get typing arc into a web browser now..

fancy index of arc spoof domain

En-joy!

;o)

Welcome to the comments facility!


return to paged comments
anonymous - 31.08.04 2:34 pm

hi! will you please help me?im a student and we have an experiment on domain spoofing. can you help me? please. send me an email a.s.a.p.


cor - 09.09.04 2:33 am

perhaps if I knew your email address..

maybe you should email me, instead.

;o) Cor


The - 27.10.04 1:56 am

Hello. Is it possible, from a university LAN connection, to send a spoofed domain to a Web site that only accepts traffic from *.jp domains?


cor - 27.10.04 8:31 am

you'd be easier simply accessing the site via a japanese proxy

google for "proxy servers"

;o) Cor


G-man - 31.10.04 4:21 am

Thank you SO much. I can't believe it was that easy! ^_^


zoot! - 06.01.05 5:02 am

way to go! saved me hours!!!


anonymous - 12.02.05 11:59 pm

hello! can u help us on spoofy domains..its r project..i cannot find the wins in network connection.


icecool - 08.03.05 1:52 am

wicked ,many thanks fer the info


cor - 10.03.05 9:20 pm

cool, a pleasure.

sorree anonymous, musta missed this one, been busy over at the router area, creates a lot of noise in the "comments" section of my admin page!

feel free to drop in again (but use a name and email!), or mail me if you still need help.

;o) Cor


swherdman - 28.03.05 12:52 am

The windows hosts file is stored in the fowling location for thoes who need it

C:\WINDOWS\system32\drivers\etc theres a file in there called hosts it works the same way


cor - 28.03.05 3:20 pm

Indeed, you can use either the "hosts" or  the "lmhosts" file to insert your local domain names. I use "lmhosts" because a) it allows more configuration options and b) and this is just a hunch; it's read first.

"lm" is for Lan Manager, so primarily the lmhosts file is for NETBIOS name resolution. So it would make sense to query this before the regular hosts file. But the mappings cover everything, you can use "desktop" to connect over LanManager (samba shares) as well as http/ftp/ssh/ttelnet, whatever. Once they are cached (or better still, preloaded), there's no delay when accessing the hosts themselves.

Both will work, but you can't #preload hostnames in a regular hosts file, amongst other things. I'd also noticed that the "hostess" application for Windows uses the "lmhosts" file.

Whichever you use, the difference is probably only miliseconds, anyway.

;o) Cor


fishheadz - 05.05.05 8:39 pm

hey, I have a dyndns domain name pointing to a my local webserver. All is well when you connect from outside the LAN with www.mydyndns.net, but when I try that from my LAN i get redirected to my router config at 192.168.1.1... I know I can get to my web server locally with the local IP but I'm trying to serve a web page that needs to have www.mydyndns.net/filename as a php include and I want it to work internally and externally. Any ideas or did I just confuse the hell out of you? Thanks!


cor - 06.05.05 8:05 am

nope, that makes perfect sense, it's a topic I cover often over in my voyager router area. The answer, well documented here, is to use a proxy.

TADA!

As to the php include, you don't need to specify an exact domain, just grab it from the server, either from the filesystem, or use the HTTP_HOST server variable for your statement, something like..

include($_SERVER['DOCUMENT_ROOT'].'/inc/comments.php');

(filesystem) or (by domain) ..

include('http://'.$_SERVER['HTTP_HOST'].'/inc/comments.php');

and let php work out all that messy dns stuff!

;o) Cor

ps.. hard-coding domain names into a php script is a definite no-no! 0/10 for portability!


ed - 21.06.05 11:16 am

Hello,
I have a WinXP SP2 machine running Apache 2.0.53. I named it xyro instead of arc. I performed those tasks but it says "connection refused".

Please mail be back with the solution.

Thanks in advance.


vinny - 04.07.05 12:17 pm

when i try to connect to a server on battlefield 2 i am disconnected from the internet.i have tried to open ports, turned firewall off, turned off intrution detection, even formatted. the first time i installed the game i connected fine. then again after i formatted. it works once then thats it. i cant connect again. any idea's? medal of honor and call of duty work fine online. its just battlefield 2 i'm having problems with. the game on single player runs fine also.


cor - 04.07.05 4:48 pm

well with a working in-house mail server, I won't be missing any more comments, but I sure won't be mailing responses either!

ed, that simply means there's no server running, or else a firewall between you is preventing access.

vinny, maybe you should take a look here.

;o) Cor


Ja - 11.07.05 10:19 pm

Hello cor...

I love all the stuff you've done, the second I get home I am downloading you IM thing, I'll probly use your editor on my CMS I am working on.

but anyway:

I work on a Windoze XP machine (sorry :(). I also have a linux machine setting right next for it, for testing purpouses, before I upload it to a live machine.

I hate having to type 90.10.10.35/jabirdcms everytime I wanna go there, so do I do this all on the linux server, or do I need to install apache on the windoze machine to spoof 90.10.10.35 to something like test?


cor - 12.07.05 1:48 am

Hi Ja. My desktop sounds similar to yours. I too am currently doing the bulk of my workl on an XP box, with a linux server sitting right next to it. Windows XP isn't so bad, so long as you don't go connecting it directly to the internet! Your router is your firewalling friend!

You don't need to install Apache on the XP box (although it's handy to do exactly this, especially if you develop php applications, because many others serve on windows, and you can check your script's cross-platform compatability) all you need to do to the XP box is add a fake host entry to its hosts/lmhosts file (or both). Basically you are fooling it into pointing all requests to that domain ('test') to a LAN address (90.10.10.35)..
    90.10.10.35     test
On the linux server you just need one vhosts entry for your 'test' domain.
<VirtualHost *>
ServerName test
ServerAlias tt t
ServerAdmin me@somewhere.com
DocumentRoot "/home/www/test"
DirectoryIndex index.html index.php
</VirtualHost>
and that's it! Gracefully restart Apache and away you go!

note: if you have URL's in your code that point to the domain "name", i.e..

<?php
include('http://'.$_SERVER['HTTP_HOST'].'/engine?download=menu&clean=true');
?>


you will also want to add an entry to the hosts file on the Linux box, so it correctly points back to itself for these requests, but you'd likely want to do this anyway; It's usually best to keep the hosts files on all your LAN machines fairly well synced.

Yeah, typing "test" instead of 90.10.10.35/jabirdcms is the smart way to go. after a while you'll wonder how you put up with it for so long!

Have fun!

;o) Cor

ps.. note, the+wire, while fun and very functional, has a few interesting bugs, can be sticky on windows, and really was meant more as a concept demo than anything else (play with it, there's much to discover, particularly if you are a developer). I'm looking into doing a pure C version in the future, or "something other than realbasic" anyhow! It does work though (the OS X version is the best, as it was developed on OS X), and I've had a fair few trans-atlantic slideshows myself!


Ja - 12.07.05 2:50 am

For some reason the parser isn't liking what I typed, and I don't really wanna go back and read through it all, so can I perhaps email you, or chat on your program? (I want to test it out smiley for :D)


cor - 12.07.05 3:19 am

Use pre tags for code.

I'm hanging in #corz on blitzed.org IRC (as usual), and I'll be up for a while yet if you want to dive in. There's also a site chat here at corz.org (if you can find the well-hidden link in the toolbar) but it's usually a bit Spanish in there, and really is just for emergencies. It is cool, though, the result of a mad saturday morning coding session. (but anyways, I'm notlogged in there!)

;o) Cor


Ja - 12.07.05 3:53 am

your tags don't balance!

Is what I'm getting


cor - 12.07.05 12:49 pm

so put it inside pre tags!!!
you can use any formatting inside pre tags. try it!

;o) Cor


Ja - 12.07.05 2:24 pm

I did try it... still got the same error... and I'm at work now and I saved what i wanted to type at home lol...

Ah well, it must not have been to very important, but when I get home I'll skim through what I tried to post and try to fix it.


Ja - 12.07.05 2:32 pm

Alright, it works smiley for :D I found the hosts and lmhosts file and added that simple line to it, and now I type http://jabirdcms/ instead of a big 'ol IP...

Thanks alot, might I ask how you figured all this out?


cor - 13.07.05 3:14 am

w00h00! yeah, it's easy when you know how.

And how did I figure all this out? well, it was the next logical step from this and this. What's good for the Goose.. smiley for :D

I'm glad it all worked out,
you won't be able to go back to raw IP's now!

;o) Cor


druid - 08.08.05 8:26 pm

If you own the server that connects the lan to the internet then probably you also host a nameserver that forward queries to the internet... so you could just add the hosts in /etc/hosts on the server and it would work automagically, without changing anything on workstations... if they have your server as the nameserver of course :)


Joe - 05.10.05 10:58 pm

I followed the instructions explicitly, even creating a seperate vhosts.conf file and still had no success. Running a WinXP SP2 700 with the easyPHP Apache install, the system refuses to find anything but my primary dyndns host. I do recall having had at one time three (yes three!) dyndns domains running out of apache but can't recall how I did it or what version of Apache it was, and I did not make a back up of it. :(

As for AmpSig, it rocks! It has a new place of honor on my site and I will be promoting it on my YahooGroups as well!!!

Joe


cor - 06.10.05 2:14 am

hey! I'm glad you like it Joe, feel free to promote it wherever you like, a task I'll need to get stuck into myself sometime soon! smiley for :lol:

As for the virtual hosts, there are many things that can interfere. Before you consider your dyndns, get this working 100% locally. If you hack the addresses into your local hosts file (or local DNS server's hosts file, yup, good call, druid) you can test test test to your heart's content before "going live". At least you'll get a better feel for exactly where the trouble lies.

If apache is serving up the hosts locally (spoofed to 127.0.0.1, or wherever the server is) then the trouble is upstream. Often folks go messing around with their apache setup when the trouble is elsewhere, and after that it's really screwed!

Backup everything! Always! Make a script! There's nothing worse than having to start from scratch, especially stuff you've already done. Even ancient apache configs can be invaluable setting up a new server. And a zip of a million httpd.conf files would probably fit on a floppy, whatever they are.

Your first virtual host is your catch-all, for a home server, this is probably best left as a dummy, my own virtual hosts file starts something like this..
NameVirtualHost *

<VirtualHost *>
ServerName *
ServerAdmin admin@whateveryoulikem8.ath.cx
DocumentRoot "/home/null"
DirectoryIndex index.html index.php
ServerSignature off
</VirtualHost>

<VirtualHost *>
ServerName itest
ServerAlias test etest 
ServerAdmin admin@whateveryoulikem8.ath.cx
DocumentRoot "/home/itest"
DirectoryIndex index.html index.php
ServerSignature off
</VirtualHost>
my "real" hosts come later on. Accessing my web server via the raw URL gets you straight into 403 City (you can actually use /dev/null on a nix system!).

I like to drop this tip in wherever possible because so many avid torrenteers, p2p'ers and what-not go mindlessly about setting up web servers and not considering these things and others. But it's a probably a good tip for anyone setting up a home server, regardless of their other online activities.

If you check out the voyager 205 pages here onsite (google or corzoogle for voyager 205) there's some excellent information on troubleshooting webserver problems, might be of use, and isn't directly accessible from this part of the site, in fact, any part of the site, though somehow the comments file for its main page definitley would not fit on a floppy!

I'm rambling, being in the mood for writing. Anyways, take a methodical approach and you'll crack it. Feel free to get back here with with fun, info, whatever, even mail me your httpd.conf file, I always enjoy those in my inbox, especially when they contain obvious gotchas and bloopers, which they usually don't.

for now..

;o) Cor


Joe - 06.10.05 2:44 am

I just had a thought. (no comments from the peanut gallery please!) When I ran this previously, I didn't install PHP as part of the package. I ran it seperate from Apache. I can back up my site, uninstall the EasyPHP and reinstall plain old vanilla Apache no frills no bells no whistles. If it works then I know it's the installation and maybe I can grab the http.conf from it and reinstall smiley for :geek:

One more plug for anyone running their own server
http://dslwebserver.com and cablewebserver.com

Everything Cor ever warned you about on running a site





cor - 07.10.05 3:56 pm

yup, these days I can't be bothered with these "easy" methods, they usually end up more difficult in the long run. Vanilla php and apache aren't so vanilla any more, come with a host of useful things, as well as decent installers.

Of course, you end up learning more about how things actually work, too. Have fun!

;o) Cor


Joe - 10.10.05 4:48 am

Arrgh! No luck that way either. Any ideas from the files I sent in email?

smiley for :erm:


Joe - 16.10.05 6:24 am

smiley for :idea:

I got it rofl I knew there was a way to do it. I printed it out this time so I will have it next time but I'm not sure why it didn't work when I tried it earlier.

I did it using only the vhosts.conf since I'm not comfortable editing the lmhosts file. My vhosts.conf is listed below:

NameVirtualHost myvirtualhost.org

<VirtualHost 12.345.67.8901>
ServerAdmin johndoe@myvirtualhost.org
DocumentRoot w:/www/
DirectoryIndex index.html index.shtml index.php
ServerName myvirtualhost.dyndns.org
ErrorLog logs/virtual-error_log
CustomLog logs/virtual-access_log common
</VirtualHost>

Obviously the sections are edited but you get the idea. Thanks for all the help Cor, and if you need a beta tester for the new Corzblog, let me know. I'll be happy to beat it through its paces.

Joe


cor - 17.10.05 7:17 pm

email? smiley for :eek:

Hey! well, it's working, that's the main thing. I must have missed your last comment in the crazy comment thing upgrade last week ("that comment thing" being the thing that provides comments at the foot of the pages - and "crazy" being me running all those recursive awk programs on the live comment files themselves! hahah) I haven't rummaged through my spam folder in weeks, I do put it off some, but I would have had rummaged if I'd spotted this comment, cuz I like emails with attachments! smiley for :D

Thanks for the offer, corzblog III isn't quite ready for the big-time yet, but at least it is now 100% xhtml compliant and produces quite nice code, too (and check out my new 100% css roll-over archives menu! *ahem*). cbparser, the bbcode parser, is about to get a beta release any day, after I let the commenteers play with it for a bit. (my unwitting beta-testers!)

I invariably use a wildcard for the NameVirtualHost directive, because there's usually umpteen hosts coming off the one box, but whatever works for you, sounds great.

;o) Cor

ps.. I keep all my spoofy domain information in a separate file called simply "myhosts" (which is shared with other boxes). In your network properties you can import a hosts file, and Windows® will run checks on it before adding the individual hosts. This is a safe approach until you feel comfortable editing the file directly.


Deikliw - 01.11.05 4:04 pm

Hi there
most impressed with your work on hacking the voyager 205. My issue is i want to view web space in my wwwroot folder (iis) from the Internet (through router) other than just being able to view this on an intranet basis (192.168.1.3/"foldername"/index.htm).

I have tried to follow your examples many times to no avail and feel I am getting confused to all the settings needed.

I am also aware you may recieve many requests on the things already covered in your tutorials but I can only ask. please help

Deikliw


cor - 02.11.05 9:41 am

Deikliw, it really depends what type of access you require. I know enough about IIs to avoid it, but I'll assume you mean regular filesystem access, these principles apply to any web server setup..

FTP. Why not setup an ftp server, put your www root folder into one of the accounts and login with a regular FTP client. Simple, robust, and if you use SFTP or similar, highly secure, too.

WebDAV. I'm fairly sure IIs can do webdav, Apache certainly can. WebDAV gives you a sort of filesystem access via the web server itself. Enabling webdav in your root has potential security issues, but I'll leave these for you to explore. All network access has potential security issues, of course.

Some other server. There are literally hundreds of different servers that will give you access to a filesystem over the internet. They don't have to be in any way connected to the webserver which just happens to also use the folder you want to access. Why not setup an SSH server?

Food for thought.

Whichever server you decide upon, it will probably need a port-forwarding rule setup on your router (though not WebDAV). If you have trouble with that, post a comment on the voyager page (after checking out the recipes, of course!)

;o) Cor


Atul kumar Mishra - 28.04.06 8:42 am

plz send the all step of the DNS that how do create Domaim and etc.


cor - 28.04.06 5:15 pm

Isn't that THIS page? smiley for :eek:

;o) Cor


bungle - 07.11.07 8:43 pm

ok pop quiz hot shot smiley for ;)

do u know how to do wild-cards in the hosts file (linux) for catching all sub-domains? so far I have had no luck finding the solution...

e.g. my host file is growing out of control:

127.0.0.1 sub1.domain.com sub2.domain.com sub3.domain.com (continued for a long time)

what i want to do is this:

127.0.0.1 *.domain.com

thing is - it don't work :(

now, yes - "why dont u just use one domain and folders within?" - well i need this for testing purposes. I have built a web app which gives users a subdomain when they sign-up... everytime i wanna test if the new sub domain works - yup, i have to edit my host file - which is a royal pain in the bottom

so - i could build a script to update it automagically - but surely there is a better way?

u have a really good informative site here so i hope u can shed some light - perhaps there is a nifty nix app which solves my problem?

may the force b with u - and keep up the good work smiley for :D

p.s. forgive me if u already have the solution on your site... if so, i suck lol


cor - 08.11.07 1:15 am

I'm always up for a pop quiz, bungle, let's do it..

do u know how to do wild-cards in the hosts file…?

No. Syat.

there is a better way?

Yes..

127.0.0.1 sub1.domain.com
127.0.0.1 sub2.domain.com
127.0.0.1 sub3.domain.com
etc.


At least now you can see what's going on. Much easier to run regex over it, too; make global changes, and so on.

As for manipulating this list in meaningful ways; on Linux, sed is your friend.

;o) Cor

ps. you might also want to consider running BIND.


bungle - 08.11.07 8:49 am

nice one mate - one per line is better, i'll scope out BIND too - thanks for the quick response


SSG - 12.12.10 7:48 am

Great

smiley for :D



Magnar - 03.03.12 5:12 pm

Hi!
I'm trying to have more than one virtual domain, but I can't get it working!

Contents of hosts:
127.0.0.1       localhost
127.0.0.1       www.devdynaplan.com
127.0.0.1       www.devmyrtveitfoto.no

Contents in end of httpd.conf:
<VirtualHost *>
ServerName www.devdynaplan.com
DocumentRoot "C:\Users\Magnar\Prosjekt\Dynaplan\Nettside"
DirectoryIndex index.html index.php
</VirtualHost>

<VirtualHost *>
ServerName www.devmyrtveitfoto.no
DocumentRoot "C:\Users\Magnar\Prosjekt\Myrtveit foto\Nettside"
DirectoryIndex index.html index.php
</VirtualHost>

With this configurations, both www.devdynaplan.com and www.devmyrtveitfoto.no leads to the www.devdynaplan.com-site. If I change the order of them in httpd.conf, both of the urls leads to the www.devmyrtveitfoto.no-site. What am I doing wrong?

Thank you so much for your help and insight! smiley for :D

EDIT:
I found the solution through some googling, and posting it here in case anyone else needs it smiley for :)

Add this line to httpd.conf:
NameVirtualHost *

That's all! smiley for :D

Good catch. My current development configuration uses:
NameVirtualHost *:80
Listen 80

<VirtualHost *:80>
...
It's Ubuntu. Regardless, yes, you do need that somewhere. Thanks!

;o) Cor



IamXPLiCiT - 25.12.12 12:18 pm

thanks, this really helped in combination with the host file on my linux server, now my game server should report locally and not to gamespy.


joli - 18.09.15 6:51 pm




MAINTENANCE MODE!
Posting is currently disabled while I switch servers.

Welcome to corz.org!

If something isn't working, I'm probably improving it, try again in a minute. If it's still not working, please mail me!