How to Troll Your Roommates With a Shared Router


This article will show you how to troll your roommates or family by sending their browsers to this amazing website where He Man sings “What’s Up” by 4 Non Blondes (flash required) whenever they try to visit facebook.com.

What you’ll need:

  • administrative access to a router (I used a Netgear WNR1000v3 leased from Time Warner)
  • router firmware that lets you configure static routes, port forwarding, etc
  • a server connected to the router (I used jarvis which runs Ubuntu 12.04)
  • DNS software running on that server (I used bind)

What you won’t need:

  • access to your victims’ devices (we will be doing something more sophisticated than simply editing /etc/hosts)

How the prank will work

Devices on the LAN send their DNS queries to the router, because DHCP hands the router out as the resolver. The router forwards those queries to its configured upstream servers, which we will set to Google's 8.8.8.8 and 8.8.4.4, and a static route on the router sends any packet addressed to those two IPs to your server instead of out to the Internet. An iptables rule on the server rewrites the destination to the server's own address, so the query lands in bind, which is authoritative for a fake facebook.com zone and answers with the IP address for He Man; every other name is forwarded to a real resolver so nothing else on the network breaks. Your roommates will be confused. (A device with a resolver configured by hand that isn't the router or one of the two Google addresses bypasses all of this.)

Configure your router

If you’re connected to the router, you can find the router’s IP address with ifconfig. If you’re on a Mac, you can also go to Network settings -> [select the connection on the left hand side for the router] -> Advanced -> TCP/IP -> find the “Router” IP address.

Go to that IP address in a browser.

Most routers show an admin page that prompts for a username and password. The default is usually admin/admin or admin/password. If yours still accepts the default, change it once you're done: everything in this post is available to anyone on your network who can log in to the router.

Find the page that lists the devices connected to the router. Note down your server’s IP address.

Set the DNS servers the router itself uses (usually under the WAN/Internet settings) to Google's DNS servers: 8.8.8.8 and 8.8.4.4.

Set up a static route on the router for each of those two addresses (destination 8.8.8.8, netmask 255.255.255.255, and likewise for 8.8.4.4) with your server's LAN IP as the gateway. Packets the router sends to Google's resolvers now go to your server instead.

Install and configure DNS software on your server. I used bind9 and followed this tutorial by Digital Ocean, skipping the secondary DNS server, the reverse zone files, and everything after that. These are the three files I ended up with.

/etc/bind/named.conf.options

acl "trusted" {
    localhost;      # ns1 - can be set to localhost
    192.168.254.1;  # apartment router (the source of the forwarded queries)
};

options {
    directory "/var/cache/bind";

    recursion yes;                 # enables recursive queries
    allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
    allow-transfer { none; };      # disable zone transfers by default

    // Time Warner DNS, not 8.8.8.8/8.8.4.4, to avoid an infinite loop
    forwarders {
        209.18.47.61;
        209.18.47.62;
    };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
/etc/bind/named.conf.local

//
// Do any local configuration here
//
zone "facebook.com" {
    type master;
    file "/etc/bind/zones/db.facebook.com"; # zone file path
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
/etc/bind/zones/db.facebook.com

;
; BIND data file for facebook.com zone
;
; $TTL is one week: the router and every client cache the fake answer
; that long, so lower it if you want the prank to end promptly.
$TTL  604800
@ IN  SOA jarvis.davidxia.com. jarvis.davidxia.com. (
            3   ; Serial
       604800   ; Refresh
        86400   ; Retry
      2419200   ; Expire
       604800 ) ; Negative Cache TTL
;
; name servers - NS records
    IN      NS      jarvis.davidxia.com.

; name servers - A records
; (this name is outside the facebook.com zone, so bind logs an
; "ignoring out-of-zone data" warning and skips it; the zone still loads)
jarvis.davidxia.com.          IN      A       192.168.254.8

; facebook.com - A records, pointed at He Man
facebook.com.        IN      A      205.186.179.191
www.facebook.com.    IN      A      205.186.179.191

Make sure bind's forwarders are different from the DNS servers you set on the router. If bind forwarded to 8.8.8.8, its own upstream queries would leave the server, hit the router's static route, come straight back through the iptables rule below and land in bind again: an infinite loop. I used Time Warner's DNS servers.

Check your server returns He Man’s IP when asked for facebook.com.

dig facebook.com @localhost +short
205.186.179.191
dig heyyeyaaeyaaaeyaeyaa.com @localhost +short
205.186.179.191
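To make the mechanism concrete on the wire, here is a small spoofing resolver in Python. It is an example added for this write-up, not code from the original post: it does what bind does with the zone above (answer the spoofed names itself, forward everything else) and includes a parser for the reply that shows the record dig +short is printing. The spoofed names, address and TTL are the zone file's; the listening port 5353 (so no root is needed) and the upstream resolver 209.18.47.61 in serve() are assumptions of mine. The build and parse functions run offline; only serve() needs a network.

```python
"""Minimal DNS spoofing resolver (added example, not the post's own code)."""
import socket
import struct

# Spoofed names and where they point, taken from the zone file above.
SPOOFED = {
    "facebook.com": "205.186.179.191",
    "www.facebook.com": "205.186.179.191",
}
TTL = 604800  # same one-week TTL as the zone file


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: b'\\x08facebook\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            jumps += 1
            if jumps > 16:  # refuse pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2  # the name ends after the first pointer
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """A stub-resolver query for an A record, RD set, one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_query(msg: bytes):
    """Return (txid, qname, qtype, qclass) of the first question."""
    txid = struct.unpack("!H", msg[:2])[0]
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, name, qtype, qclass


def spoof_response(query: bytes):
    """Forged authoritative answer for a spoofed name, else None (forward)."""
    txid, name, qtype, qclass = parse_query(query)
    ip = SPOOFED.get(name.lower())
    if ip is None or qtype != 1 or qclass != 1:
        return None
    # Flags 0x8580: QR=1 (response), AA=1 (authoritative), RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # Answer name is a pointer to offset 12 (the question name), type A, class IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, TTL, 4) + socket.inet_aton(ip)
    return header + question + answer


def parse_answers(msg: bytes):
    """Return [(name, ttl, ip)] for the A records in a response's answer section."""
    _txid, _flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qdcount):  # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1:
            records.append((name, ttl, socket.inet_ntoa(rdata)))
    return records


def serve(listen=("0.0.0.0", 5353), upstream=("209.18.47.61", 53)):
    """Blocking UDP loop: answer spoofed names, relay everything else upstream."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    up.settimeout(3)
    while True:
        query, client = sock.recvfrom(512)
        reply = spoof_response(query)
        if reply is None:
            up.sendto(query, upstream)
            try:
                reply, _ = up.recvfrom(4096)
            except socket.timeout:
                continue
        sock.sendto(reply, client)


if __name__ == "__main__":
    serve()
```

Point dig at it with dig facebook.com @127.0.0.1 -p 5353 +short and you get 205.186.179.191, exactly as with bind. The forged reply carries the AA flag and is byte-for-byte the kind of answer a real authoritative server would send, which is why no client notices: a stub resolver has no way to tell a lie from the truth unless the zone is DNSSEC-signed and something in the path validates it.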

Add iptables rules on the server to rewrite the destination of the router's incoming DNS packets from Google's addresses to the server's own IP. Without them the packets are never delivered locally, because 8.8.8.8 isn't one of the server's addresses; a NETMAP rule in the nat table's PREROUTING chain rewrites the destination before the routing decision, so the queries reach bind (with a single /32 address this is the same as DNAT). Add rules for both UDP and TCP for both addresses, four in total. They don't survive a reboot unless you save them, for example with iptables-persistent.

sudo iptables -t nat -A PREROUTING -p udp -d 8.8.8.8 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p udp -d 8.8.4.4 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p tcp -d 8.8.8.8 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p tcp -d 8.8.4.4 --dport 53 -j NETMAP --to 192.168.254.8

Check you get the following output.

sudo iptables --list -t nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
NETMAP     tcp  --  anywhere             google-public-dns-a.google.com  tcp dpt:domain192.168.254.8/32
NETMAP     tcp  --  anywhere             google-public-dns-b.google.com  tcp dpt:domain192.168.254.8/32
NETMAP     udp  --  anywhere             google-public-dns-b.google.com  udp dpt:domain192.168.254.8/32
NETMAP     udp  --  anywhere             google-public-dns-a.google.com  udp dpt:domain192.168.254.8/32

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Now check your router returns He Man’s IP when asked for facebook.com.

dig facebook.com @192.168.254.1 +short
205.186.179.191
dig heyyeyaaeyaaaeyaeyaa.com @192.168.254.1 +short
205.186.179.191

Use tcpdump to debug if this doesn't work. Running sudo tcpdump -ni any port 53 on the server shows where the chain breaks: if queries addressed to 8.8.8.8 never arrive, the router's static route is wrong; if they arrive but no answer goes back, check the NETMAP rules and that bind is listening on the server's LAN address.

And you’re done! Kind of… There are a few things that still don’t work. The IP address for He Man is almost certainly a shared host serving many sites, and it picks the site from the Host header the browser sends, which will still say facebook.com. DNS can’t fix that: even a CNAME to heyyeyaaeyaaaeyaeyaa.com only changes the address lookup, not the Host header. So I made bind return the IP address of a server that serves a static page with some Javascript that simply redirects to heyyeyaaeyaaaeyaeyaa.com.

<html>
  <head>
    <title>Redirecting...</title>
  </head>

  <body>
    <p>Redirecting...</p>
    <script type="text/javascript">
      window.location = 'http://heyyeyaaeyaaaeyaeyaa.com/';
    </script>
  </body>
</html>

The major wrinkle is that Facebook is served over HTTPS. The spoofed server can’t present a certificate for facebook.com that the browser trusts, so modern browsers show a certificate warning and never request the page (and for sites that use HSTS the browser won’t even offer a click-through). So you can really only redirect from HTTP sites to other HTTP sites, but hopefully this prank is still worth something. I certainly had fun with it :)
