3

I'm going to just post this question and I'll edit it if the community determines it needs elaboration or clarification.

The Issue

I got what I thought was a brilliant idea today. I shop Amazon.com a lot. Amazon offers a program where a portion of all your purchases go to a charity of your choice called "Amazon Smile". You can choose to "activate" the charity by going to "smile.amazon.com" (a subdomain of amazon.com). I want to use the Windows 10 hosts file to redirect whenever I type "amazon.com" to go to "smile.amazon.com" automatically, so that my charity always benefits. Unfortunately, it is not working as I had hoped.

What I have Tried

First I opened Notepad.exe as admin. Then, I opened the hosts file from Notepad (path:)

C:\Windows\System32\drivers\etc\hosts

and tried all of the following, to no avail:

  • Direct url conversion

    smile.amazon.com amazon.com

  • Pinged with CMD to get URL for smile.amazon.com (54.239.26.123)

    54.239.26.123 amazon.com

  • Added the www subdomain routing as well

    54.239.26.123 amazon.com
    54.239.26.123 www.amazon.com

  • None of it seems to have worked (when I type _amazon.com_ the address in the URL bar doesn't change to "smile.amazon.com"); however, there is some kind of certificate error. I tried 4 browsers including Firefox, Chrome, SeaMonkey, and IceDragon (clearing cache on all of them), to no avail.

  • As per this Server Fault post, I tried this:

    • ipconfig /flushdns
    • ping smile.amazon.com
      Pinging smile.amazon.com [54.239.26.123] with 32 bytes of data:
      Request timed out.
    • C:\WINDOWS\system32>nbtstat -R
      Successful purge and preload of the NBT Remote Cache Name Table.

Certificate/Safety Errors

After making the above changes I get this error:

Chrome:

Your connection is not private

Attackers might be trying to steal your information from www.amazon.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

If I click "Advanced", I get this:

This server could not prove that it is www.amazon.com; its security certificate is from smile.amazon.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

When I click to proceed to amazon anyway, the browser takes me to amazon.com and I see this in the url:

(https[crossed-out])://www.amazon.com


My Questions

So, I guess what I want to know is:

  1. Is redirecting amazon.com to smile.amazon.com even possible through the Windows hosts file?
  2. How can I do it?
  • Related: http://unix.stackexchange.com/questions/297954/blocking-only-a-certain-subpage-of-a-website It refers to `/etc/hosts` on a un*x system, but applies equally to what you are trying to do. – user4556274 Jul 29 '16 at 15:10

6 Answers

5

DNS resolution and HTTP redirection are completely different things, and this approach is wrong. Poisoning your local DNS resolution to force "amazon.com" to resolve to the fake "smile.amazon.com" IP will only result in issues with SSL certificates, HTTP sessions and cross-site request denials on the server side:

First, the SSL certificate. amazon.com and smile.amazon.com are served using subdomain-specific certificates, so browsers raise an error to the user when a URL request does not match the certificate name. So, if you ask the servers backing "smile.amazon.com" for "amazon.com" resources, your browser will warn you about the non-matching certificate name even before the HTTP request can be performed. Of course, you may ignore this, but the JavaScript backing the application logic may not in the presence of cross-domain requests, rendering the website completely useless.

Second, should you bypass the SSL issues in any way, your browser will send requests to smile.amazon.com asking for amazon.com content, which will trigger all sorts of security mechanisms on the server side to deny such cross-site requests.

And finally, expect all kinds of issues with server-side session management, authentication, cookie validation, etc.

ma.tome
  • Thanks for your reply. I see now that I was confusing DNS resolution and HTTP redirection, and it appears the answer to my question is that it is `NOT POSSIBLE`. Well, at least I won't waste any more time on it. I will edit my hosts file now in shame. – Eric Hepperle - CodeSlayer2010 Aug 04 '16 at 20:49
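The hosts entries from the question and the resulting certificate name check, as an added example that is not part of the original answer. It is a simplified model: `parse_hosts`, `name_matches` and `browser_check` are hypothetical helper names, and the certificate name list is assumed from Chrome's error text in the question.

```python
import ipaddress

# Constructed sample: hosts entries the question tried (IP taken from the question).
SAMPLE_HOSTS = """\
smile.amazon.com amazon.com
54.239.26.123 amazon.com
54.239.26.123 www.amazon.com
"""
# Assumption: the server at that IP presents a certificate naming only
# smile.amazon.com, as Chrome's error text in the question states.
PRESENTED_NAMES = ["smile.amazon.com"]


def parse_hosts(text):
    """Simplified hosts parser: each line is an IP address, then one or more names."""
    mapping, rejected = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            rejected.append(raw)      # first field is a name, not an address
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)   # first entry wins
    return mapping, rejected


def name_matches(pattern, hostname):
    """Certificate name check: exact match, or '*' standing for one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def browser_check(typed_host, hosts_text=SAMPLE_HOSTS, cert_names=PRESENTED_NAMES):
    """Return (overridden IP or None, whether the certificate covers typed_host)."""
    mapping, _ = parse_hosts(hosts_text)
    ok = any(name_matches(n, typed_host) for n in cert_names)
    return mapping.get(typed_host.lower()), ok


if __name__ == "__main__":
    print(parse_hosts(SAMPLE_HOSTS))
    for host in ("amazon.com", "www.amazon.com", "smile.amazon.com"):
        print(host, browser_check(host))
```

The hosts override changes only the address the browser connects to; the name it validates the certificate against is still the one typed in the URL bar, which is why the check fails for `amazon.com` and `www.amazon.com`.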
4

I was searching for a solution to redirect one URL to another, and found this thread. I thought others could find my finding useful; even if it's not a direct answer to your question, it is a solution to the problem nonetheless.

I suggest you try, instead of editing the hosts file in Windows, using a plugin like Redirector for Firefox or Redirector for Chrome.

It's working great to keep me from browsing some websites when I don't want to, for example for productivity purposes, or to force myself to use a new service. One could imagine using a redirector to stop using hotmail.com and use another custom service, for example, without changing any other habits.

Jonas Hopp
  • This is the most user-friendly way of doing it (and secure, as there is no trick with SSL certificates)! It's sad that this simple problem is so hard to solve, especially for the whole system. – Maskim Jul 21 '21 at 10:20
2

This might help you solve your problem if you are a Chrome user:

SmileAlways is a Chrome extension that automatically redirects you to smile.amazon.com.

1

Since both amazon.com and smile.amazon.com are hosted on more than one IP address, your hosts file may require updating on a regular basis.

And it may also be that Amazon uses the Host header (which is the domain you write in the browser) to detect which site you are trying to access, so I think another approach is needed. If it's possible for you to set up a local web server (either on your own computer or hosted somewhere), you can make that web server host an amazon.com dummy website that does a redirect to smile.amazon.com, and then make one entry in the hosts file:

<ip-of-local-webserver>    amazon.com

Since the web-server would do a redirect, your browser would be redirected to smile.amazon.com, every time you write amazon.com in the browser. This would also eliminate any certificate warnings.
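A local redirect server of the kind this answer describes, as an added example that is not the answerer's code. It assumes the hosts entry points at `127.0.0.1`, and `redirect_target` and `RedirectHandler` are hypothetical names; it answers plain HTTP on port 80 only, so a request that starts as `https://amazon.com` would still need a certificate valid for that name.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Names the hosts file points at this machine (the answer's entry, plus www
# as in the question); TARGET is the site the asker wants to land on.
REDIRECTED_HOSTS = {"amazon.com", "www.amazon.com"}
TARGET = "https://smile.amazon.com"


def redirect_target(host_header, path):
    """Return the Location for a request, or None if the Host is not redirected."""
    host = (host_header or "").split(":", 1)[0].strip().lower().rstrip(".")
    if host not in REDIRECTED_HOSTS:
        return None
    # A request target not starting with "/" (e.g. "@other.example/") would
    # change the authority of the resulting URL, so fall back to the root.
    if not path.startswith("/"):
        path = "/"
    return TARGET + path


class RedirectHandler(BaseHTTPRequestHandler):
    def _respond(self):
        location = redirect_target(self.headers.get("Host"), self.path)
        if location is None:
            self.send_error(404, "Unknown host")
            return
        self.send_response(302)   # temporary, so browsers do not cache it for good
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = _respond


if __name__ == "__main__":
    # Assumption: loopback only; the matching hosts entry is "127.0.0.1 amazon.com".
    HTTPServer(("127.0.0.1", 80), RedirectHandler).serve_forever()
```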

0
  1. NBTSTAT is a NetBIOS tool and has nothing to do with DNS.

  2. If you want amazon.com to resolve to the IP address of smile.amazon.com via your hosts file, then you would ping amazon.com, not smile.amazon.com, after you've added the hosts file entry. Your goal is to resolve amazon.com to the IP address of smile.amazon.com, so the name amazon.com is the name you should be using in your tests to make sure it resolves to the IP address of smile.amazon.com.

  3. If you add an entry in your hosts file for amazon.com using the IP address for smile.amazon.com and pinging amazon.com returns the IP address for smile.amazon.com, then the hosts file is working. If your browser directs you to amazon.com anyway, then it has nothing to do with your hosts file.

joeqwerty
0

I guess there's a little bit of confusion here. You don't need these lines:

smile.amazon.com amazon.com
54.239.26.123 amazon.com

But only these, which redirect amazon.com address to smile.amazon.com's IP:

54.239.26.123 amazon.com
54.239.26.123 www.amazon.com

But it doesn't work either:

1st: because by using the IP address you are reaching their NIC/NAT/gateway, while the URL points to a webpage within the website(s) behind that IP address. For example, if you resolve youtube.com and then try to manually open its IP address, you'll reach www.google.com, because both are hosted behind the same address(es) and are identified by their URL. So, imagine both are hosted behind 54.239.26.123 and the only way to reach them is the URL, which you replaced with amazon.com, meaning you want to visit amazon.com!

2nd: Let's suppose smile.amazon.com is hosted by another server. SSL/TLS certificates are issued to URLs; in some cases, even if you access a website using address.com instead of www.address.com, you'll get a certificate error, because the certificate is issued only to the latter. So, if you try to access an IP intended for smile.amazon.com using the address of amazon.com, you'll get a certificate security warning and you have to add a security exception.

Sorry I'm not an expert in web services/hosting. I just did my best to explain it.