Open arifsbc opened 4 years ago
Its not because it requires dns spoof to work proper ..
But it will require target machine on same LAN for morpheus been abble to re-direct all domain names ended in .com to our apache2 webserver ..
So.. the target must write in browser url field any domain ended with .com <-- if the domain its on target cache then target pc will not use dns to resolve the adrress making the attack fail..
A good way to test this is to enter a domain thats not on browser cache. For example: fadsfzs.com
will be redirected to our apache2 were the phising webpage awaits for credentials enter ...
if login website hosted to the pc ip instead to router gateway than this attack is futile after all.