Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Arp poisoning generates conflict in the victim's browser NET::ERR_CERT_AUTHORITY_INVALID #1225

Closed Deviandorex closed 1 year ago

Deviandorex commented 1 year ago

Every time I poison the victim machine using dns.conf file configuration:

```
#---------------
#     Linux
#---------------

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"

# pendant for IPv6 - Note that you need iptables v1.4.16 or newer to use IPv6 redirect
redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
```

The browser does not enter any website, giving the following error:

The connection is not private
Attackers may be trying to steal your information from www.playstation.com (for example, passwords, messages, or credit cards).
More information
NET::ERR_CERT_AUTHORITY_INVALID

However, by deactivating the options previously written in the etter.conf file, the victim machine's browsing returns to normal but the dns spoof does not work afterwards.

LocutusOfBorg commented 1 year ago

Yeah, this is probably by design: the browser is trying to inform you that the end URL has a bad certificate (not signed by a root CA).

koeppea commented 1 year ago

I recommend watching our latest tutorial on this topic: https://youtu.be/IhNs_SRlMVI

koeppea commented 1 year ago

DNS spoofing entries are stored in the etter.dns file. The entries you described are in etter.conf and are related to SSL interception. I already pointed you to the video that explains in detail the handling of these configuration statements and the side effects that occur.

However, this has nothing to do with DNS spoofing as far as I can see from the information supplied.

Closing as this is expected behavior.
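Added example, not part of the thread or of the Ettercap project's code: a small audit of etter.conf-style text that reports which of the redirect directives quoted in this issue are uncommented and what NAT rule the template becomes once its placeholders are filled. The sample file content, the interface name, the destination and the port numbers are constructed for illustration, and the placeholder substitution is written here as an assumption about how the template is filled.

```python
import re

# Constructed sample in etter.conf style: IPv4 pair uncommented, IPv6 pair commented out.
SAMPLE_ETTER_CONF = '''\
[strings]
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
   #redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
   #redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp -d %destination --dport %port -j REDIRECT --to-port %rport"
'''

# Optional leading '#', then one of the four directive names, then a quoted template.
DIRECTIVE = re.compile(r'^\s*(#?)\s*(redir6?_command_(?:on|off))\s*=\s*"([^"]*)"')


def redir_directives(conf_text):
    """Map each redirect directive name to (is_uncommented, command_template)."""
    found = {}
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if match:
            commented, name, template = match.groups()
            found[name] = (commented == "", template)
    return found


def ssl_interception_enabled(conf_text):
    """True when any '*_on' redirect directive is uncommented, as in the issue."""
    return any(active for name, (active, _) in redir_directives(conf_text).items()
               if name.endswith("_on"))


def expand(template, **values):
    """Fill %iface, %destination, %port and %rport (no name is a prefix of another)."""
    for key, value in values.items():
        template = template.replace("%" + key, str(value))
    return template


if __name__ == "__main__":
    directives = redir_directives(SAMPLE_ETTER_CONF)
    for name, (active, _) in sorted(directives.items()):
        print(f"{name}: {'ACTIVE' if active else 'commented out'}")
    print("SSL interception redirect enabled:", ssl_interception_enabled(SAMPLE_ETTER_CONF))
    # Constructed values: interface, destination and ports are examples only.
    print(expand(directives["redir_command_on"][0 + 1], iface="eth0",
                 destination="0.0.0.0/0", port=443, rport=59273))
```

None of these directives appears in etter.dns, so this check says nothing about whether DNS spoofing entries are configured.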