Problem with dnsspoofingAdvanced Penetration Testing Course

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Courses Advanced Penetration Testing Course Problem with dnsspoofing

This topic contains 8 replies, has 6 voices, and was last updated by  franko 2 years, 4 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
  • #4300


    I have a problem with dnsspoof. I used exploit ms10_002_aurora so i can get a sessions when someone with IE clicks on it. I did everything well there and then I wanted to do dnsspoofing so if he goes to, it redirects him to that link that will open a session.
    I opened two consoles and typed arpspoof -i eth0 -t in first console
    and then typed arpspoof -i eth0 -t in another console
    Then, I made a .txt file like this:
    I typed nano /root/hosts.txt and then typed in there this text: and saved it.
    Then, I opened another console and typed dnsspoof -i etho -f /root/hosts.txt and it started listening. But, when I go to it doesnt redirect me to link that i wanted to.
    Whats the problem and how can i fix it?



    And yes, I did the IP forwarding typing this: echo 1 > /proc/sys/net/ipv4/ip_forward



    Your /root/hosts.txt file is off. It should read “ *”
    This might help with dns spoof

    Google is probably a bad choice to spoof as well, I believe they implement HSTS and certificate pinning in the browser.

    Your also going to have to redirect them to port 8080 if thats where your webserver is listening (or you could move your webserver to the standard 80).


    • This reply was modified 5 years, 3 months ago by  ahhh.


    Thank you for answering. I did dns spoofing but not like this. I used ettercap and everything worked fine. But, when victim tries to connect to facebook(for example) it says that its impossible to connect to this site. Its not privacy error, its like when you dont have internet connection and try to connect to a site.
    Why is this happening and how can i fix it?



    Every time you use MITM Type Attacks you have to do 2 things :
    1. echo ‘1’ > /proc/sys/net/ipv4/ip_forward #Enables IPv4 Forwarding
    2. iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080 #HTTP
    iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8080 #HTTPS
    This actually redirects Traffic through the Kernel
    With DnsSpoofing you need to use ArpSpoofing to trick dns + victim into thinking your the dns
    Swap your MacAddr + IP for DNS’ & send it to Victim
    Then you wait for Victim to use http, https



    To add to web junky’s point.
    Georgia actually shows how to setup the ip forwarding and the IPTables configuration in the ettercap video. You can check that if the above response is not clear enough.



    Hello, guys. Thank you for answering. I successfully did dns spoofing but not with ettercap, I did it with dns spoof tool that Georgia used. I just have one little problem. It all works fine, but a victim needs to clean dns cache so he uses my “updated” dns. How can I clean his DNS cache with Kali Linux instead of him? Is it even possible?


    Hassan alahmadi

    i worked dns spoofing and i have problem when i typing the ip it is good but if i typing url for example doesn’t work ?why and what is sulation it?



    This is an old thread but I had issues yesterday where the results of redirecting (, test.lan, etc) to another host running a http server (not the Kali box) were erratic at best.
    Like the lesson exercise the tools in use were arpspoof and dnsspoof.

    Initially I was using a wifi connection from the Kali box (to a router which had a couple of devices to get to the target and http server) and the other machines were all LAN’ed.
    This morning I decided to connect the Kali Laptop to a local switch (over ethernet) and retry the experiment which it worked consistently.

    This is by no means scientific (there could be a host of possible explanations, which I’m not willing to investigate at this time), but worth consideration depending on your topology if your suffering similar issues.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?