# SOLVED:Spoofing DNS on home network for a marriage proposal?

## sirlark

Like many of us, the first thing my girlfriend does when she gets out of bed in the morning is turn on her computer and fire up her browser. In fact she has the process optimised: wake up, turn on desktop, turn on kettle and place instant coffee in mug while desktop boots, return to desktop, fire up browser read a few feeds while kettle boils, at sound of click finish making coffee, drink coffee whilst reading more feeds, greet me. Since the first thing she sees most mornings is www.google.com, I though it might be a great way to propose to her, specifically via a google doodle. I applied to the doodle dudes about 2 months ago, but have not heard back from them. In the meanwhile, the ring has been chosen and bought and altered to personal taste. I'm picking it up from the jewellers on Monday. I know they're busy, but I can't wait on the doodle duds any longer. In lieu of an actual doodle, I thought I could at least spoof www.google.com on the home network for a couple of minutes, and make her first view of the morning see my marriage proposal served from my local linux box. I've downloaded html, js, and images from www.google.com and recreated a carbon copy in my own named virtual host of www.google.com on my apache server. My network setup is like so:

Internet <--> ADSL router <--> Server (Gentoo) <--> local network of wifi routers, iphones, laptops and desktops

The ADSL router does not serve DHCP. The gentoo server performs basic NAT and serves DHCP and DNS via dnsmasq. I had hoped this would be a simple matter of putting an entry for www.google.com that points to my server into /etc/hosts on the server. Alas this did not work, so I went digging around in dnsmasq.conf to see if there was something wrong there. I discovered the local setting, which forces certain matching dns queries to be resolved from /etc/hosts. From my gentoo laptop this now works perfectly, but from her desktop machine which runs windows XP pro, when surfing using chrome (which is browser) it somehow manages to get to the real google page  :Sad: 

I was thinking this is maybe a DNS caching thing, or maybe that Chrome has google's DNS entries 'built in' although this would be idiotic I think. Of course it occurred to me I might have done something wrong, and this where I need my fellow gentooers help.

FYI I post my dnsmasq.conf as set to spoof google.

```
domain-needed

bogus-priv

local=/google.com/

address=/www.google.com/192.168.0.1

interface=eth0

expand-hosts

domain=google.com

dhcp-range=192.168.0.3,192.168.0.128,12h

dhcp-option=42,0.0.0.0

dhcp-option=19,0                # option ip-forwarding off

dhcp-option=44,192.168.0.1     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)

dhcp-option=45,192.168.0.1     # netbios datagram distribution server

dhcp-option=46,8                # netbios node type

dhcp-option=47                  # empty netbios scope.

dhcp-option=vendor:MSFT,2,1i

dhcp-authoritative

```

Edit: SOLVED -- she loved it, and she said yes. Technically, I had to flush the DNS on here windows machine in addition to editing the hosts file on my system, the dnsmasq.conf file above worked just fine, and of course running the apache virtual host.

Edit2: And because I was spoofing, I could also make the "I'm feeling lucky" (i.e. yes) button return a search result directing here to the ring hidden behind her monitor.

----------

## chiefbag

Just add a host entry for google.com on the machine she uses and direct it to your local webserver.

----------

## TJNII

I believe Windows has some form of a hosts file (Registry?  God I hope not....) that I would try first.  A local hack will probably be easiest.

Then I would check what DNS servers she is using.  Make sure her box is using your "special" server.

Lastly, you can try squid.  This requires installing squid on the gateway server, setting up your firewall to force all HTTP traffic through squid, and then making squid return your page for google.  I've never actually set up squid, so I don't know how hard this will actually be, but it is another avenue.

----------

## Anarcho

You might also use IPTables on your gentoo box to redirect every packet which comes from here IP and to port 80 to your local webserver. Then it's independent of DNS and even independent of what page she opens!

iptables -t nat -A PREROUTING -i $LAN_ETH -s $HERE_IP -p tcp --dport 80 -j DNAT --to-destination $IP_OF_APACHE

----------

## tomk

 *TJNII wrote:*   

> I believe Windows has some form of a hosts file (Registry?  God I hope not....) that I would try first.  A local hack will probably be easiest.

 

It's c:\\windows\system32\drivers\etc\hosts in XP.

----------

## Havin_it

Wow... most unusual question context I've ever heard on a tech forum!

sirlark, with the greatest respect, and acknowledging that I don't know a thing about you or your lady and how you roll, I dearly hope that you have more planned for the moment of proposal than just a web page.

That said, if you are going to do this you'd better make 100% sure it works. You may well be onto something with your musing that Chrome may be hard-wired to resist spoofing of its own websites, so do not launch until you've done a trial-run, either on her machine if you're permitted such access, or on another, identically configured XP client if not.

The hosts file should be the safest solution (again, if you have access to monkey with it before she wakes), but even this might be overridden by Chrome; only one way to find out. Failing that, iptables will get you there, but note you might need to force-redirect DNS traffic as well as HTTP, depending what Chrome is up to.

Lastly, make sure your dummy page is eye-catching. Nothing would be worse than if she fails to take in the proposal and navigates away without noticing; for me, before the first cup'a joe in the morning, it would need to be full-page and flashing  :Laughing: 

Anyway, best of luck you old romantic you. Despite the note of caution, I'm really rather tickled by your ingenuity   :Very Happy: 

----------

## cach0rr0

planning on going with an ascii art ring, or an actual ring?

----------

## gerdesj

Good nerd skills here but let's go the whole hog.

I think you have control of DNS/DHCP already.

Make sure her browser is set to automatically configure a proxy or if you are feeling brave force it through transparent proxying at the router

Register wpad.<your internal domain name> on DNS and point it at your server

Create a wpad.dat file on your server's apache web space ie so http://wpad.<your internal domain name>/wpad.dat is this file:

```

//////////////////////////////////////////

//

// wpad.dat, Blueloop Ltd

// JG 12 Oct 2006

//

//////////////////////////////////////////

function FindProxyForURL(url, host)

  {

    if (isPlainHostName(host))

      return "DIRECT";

    if (isInNet(host, "192.168.0.0", "255.255.0.0") ||

        isInNet(host, "10.0.0.0",    "255.0.0.0") ||

        isInNet(host, "172.20.0.0",  "255.255.0.0") ||

        isInNet(host, "172.18.0.0",  "255.255.0.0") ||

        isInNet(host, "172.16.0.0",  "255.255.0.0") ||

        isInNet(host, "127.0.0.0",   "255.0.0.0")

   )

        return "DIRECT";

// removed

    // All other rules should be above here - JG 14 Oct 2010

    if (url.substring(0, 5) == "http:" ||

        url.substring(0, 6) == "https:"||

        url.substring(0, 4) == "ftp:"||

        url.substring(0, 7) == "gopher:"

    )

        return "PROXY <your squid box here>:3128; DIRECT";

    if (url.substring(0, 5) == "wais:")

        return "DIRECT";

      else

        return "DIRECT";

  }

```

So now you have her browser's attention, assuming you have squid installed.

If you are careful you can do all sorts of things once you have a proxy in the way.  There's the upsidedownternet - 

http://www.ex-parrot.com/pete/upside-down-ternet.html

Or you can redirect Google.

http://wiki.squid-cache.org/Features/Redirectors

Cheers

Jon

PS Thank you for a really good query - really made my day.

----------

## Suicidal

Marriage Marriage Marriage....

I loled at the post title.

----------

## sirlark

@cach0rr0: No, the ring wasn't the most expensive (1.2 carats total, on yellow and white gold) but it was real.

----------

## Havin_it

Have you done the deed? You HAVE to tell us how it went!

----------

## sirlark

Read the edits at the bottom of first post  :Wink:  But to keep you from suspense, She loved it, and said yes.

----------

