This article will show you how to troll your roommates or family by sending their browsers to this amazing website where He Man sings “What’s Up” by 4 Non Blondes (flash required) whenever they try to visit facebook.com.
What you’ll need:
- administrative access to a router (I used a Netgear router with firmware WNR1000v3 leased from Time Warner)
- router firmware that lets you configure static routes, port forwarding, etc
- a server connected to the router (I used jarvis which runs Ubuntu 12.04)
- DNS software running on that server (I used bind)
What you won’t need:
- access to your victims’ devices (we will be doing something more sophisticated than simply editing
How the prank will work
We will intercept the DNS queries unsuspecting devices make to the router for facebook.com and reply back with the IP address for He Man. The router will send those DNS queries to your server instead of legitimate DNS servers and your server will reply back with the IP for He Man. Your roommates will be confused.
Configure your router
If you’re connected to the router, you can find the router’s IP address with
ifconfig. If you’re
on a Mac, you can also go to Network settings -> [select the connection on the left hand side for
the router] -> Advanced -> TCP/IP -> find the “Router” IP address.
Go to that IP address in a browser.
Most routers will show you an admin page that prompts for a username and password. The default is usually admin/admin or admin/password.
Find the page that lists the devices connected to the router. Note down your server’s IP address.
Set the DNS servers for your router to Google’s DNS servers: 22.214.171.124, 126.96.36.199.
Setup a static route for each of these Google IPs that point to your server.
Install and configure DNS software on your server. I used bind9 and followed this tutorial by Digital Ocean. I skipped the secondary DNS server and reverse zone files and anything after that.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
1 2 3 4 5 6 7 8 9 10 11
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Make sure you use different DNS forwarders than the ones you specified in your router, otherwise you’ll create an infinite loop. I used Time Warner’s DNS servers.
Check your server returns He Man’s IP when asked for facebook.com.
dig facebook.com @localhost +short 188.8.131.52 dig heyyeyaaeyaaaeyaeyaa.com @localhost +short 184.108.40.206
Add iptable rules to replace the router’s incoming DNS query packets’ destination IP with your server’s IP to make your server from actually respond to them. Add rules for both UDP and TCP for both IP addresses for a total of four.
sudo iptables -t nat -A PREROUTING -p udp -d 220.127.116.11 --dport 53 -j NETMAP --to 192.168.254.8 sudo iptables -t nat -A PREROUTING -p udp -d 18.104.22.168 --dport 53 -j NETMAP --to 192.168.254.8 sudo iptables -t nat -A PREROUTING -p tcp -d 22.214.171.124 --dport 53 -j NETMAP --to 192.168.254.8 sudo iptables -t nat -A PREROUTING -p tcp -d 126.96.36.199 --dport 53 -j NETMAP --to 192.168.254.8
Check you get the following output.
sudo iptables --list -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination NETMAP tcp -- anywhere google-public-dns-a.google.com tcp dpt:domain192.168.254.8/32 NETMAP tcp -- anywhere google-public-dns-b.google.com tcp dpt:domain192.168.254.8/32 NETMAP udp -- anywhere google-public-dns-b.google.com udp dpt:domain192.168.254.8/32 NETMAP udp -- anywhere google-public-dns-a.google.com udp dpt:domain192.168.254.8/32 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination
Now check your router returns He Man’s IP when asked for facebook.com.
dig facebook.com @192.168.254.1 +short 188.8.131.52 dig heyyeyaaeyaaaeyaeyaa.com @192.168.254.1 +short 184.108.40.206
tcpdump to debug if this doesn’t work.
1 2 3 4 5 6 7 8 9 10 11 12
The major wrinkle is that Facebook uses SSL/HTTPS so modern browsers will just show a warning and not request the page. So you can really only redirect from HTTP sites to other HTTP sites, but hopefully this prank is still worth something. I certainly had fun with it :)