Home 0P3N Blog Problem With Dnsspoofing
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

Problem With Dnsspoofing

January 1, 2016
authors profile image
January 1, 2016
I have a problem with dnsspoof. I used exploit ms10\_002\_aurora so i can get a sessions when someone with IE clicks on it. I did everything well there and then I wanted to do dnsspoofing so if he goes to google.com, it redirects him to that link that will open a session. I opened two consoles and typed arpspoof -i eth0 -t 192.168.1.1 192.168.1.16 in first console and then typed arpspoof -i eth0 -t 192.168.1.16 192.168.1.1 in another console Then, I made a .txt file like this: I typed nano /root/hosts.txt and then typed in there this text: https://192.168.1.9:8080/class www.google.com and saved it. Then, I opened another console and typed dnsspoof -i etho -f /root/hosts.txt and it started listening. But, when I go to google.com it doesnt redirect me to link that i wanted to. Whats the problem and how can i fix it? And yes, I did the IP forwarding typing this: echo 1 > /proc/sys/net/ipv4/ip\_forward Your /root/hosts.txt file is off. It should read "192.168.1.9 \*.google.com" [This might help with dns spoof](https://tournasdimitrios1.wordpress.com/2011/03/03/dns-spoofing-with-dnsspoof-on-linux/)Google is probably a bad choice to spoof as well, I believe they implement [HSTS](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and [certificate pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#What_Is_Pinning.3F) in the browser. Your also going to have to redirect them to port 8080 if thats where your webserver is listening (or you could move your webserver to the standard 80). GL! Thank you for answering. I did dns spoofing but not like this. I used ettercap and everything worked fine. But, when victim tries to connect to facebook(for example) it says that its impossible to connect to this site. Its not privacy error, its like when you dont have internet connection and try to connect to a site. Why is this happening and how can i fix it? Every time you use MITM Type Attacks you have to do 2 things : 1. echo '1' > /proc/sys/net/ipv4/ip\_forward #Enables IPv4 Forwarding 2. iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 #HTTP iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080 #HTTPS This actually redirects Traffic through the Kernel With DnsSpoofing you need to use ArpSpoofing to trick dns + victim into thinking your the dns Swap your MacAddr + IP for DNS' & send it to Victim Then you wait for Victim to use http, https To add to web junky's point. Georgia actually shows how to setup the ip forwarding and the IPTables configuration in the ettercap video. You can check that if the above response is not clear enough. Hello, guys. Thank you for answering. I successfully did dns spoofing but not with ettercap, I did it with dns spoof tool that Georgia used. I just have one little problem. It all works fine, but a victim needs to clean dns cache so he uses my "updated" dns. How can I clean his DNS cache with Kali Linux instead of him? Is it even possible? i worked dns spoofing and i have problem when i typing the ip it is good but if i typing url for example www.facebook.com doesn't work ?why and what is sulation it? This is an old thread but I had issues yesterday where the results of redirecting (google.com, test.lan, etc) to another host running a http server (not the Kali box) were erratic at best. Like the lesson exercise the tools in use were arpspoof and dnsspoof. Initially I was using a wifi connection from the Kali box (to a router which had a couple of devices to get to the target and http server) and the other machines were all LAN'ed. This morning I decided to connect the Kali Laptop to a local switch (over ethernet) and retry the experiment which it worked consistently. This is by no means scientific (there could be a host of possible explanations, which I'm not willing to investigate at this time), but worth consideration depending on your topology if your suffering similar issues.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry