Network Sniffers: Guide to DNS spoofing with ettercap-GUI
Sunday, January 27, 2013
Today I will show you a simple method to DNS spoof with the Ettercap GUI. I was meaning to post this sooner but I got caught up with other things. This is a very simple and useful method, especially for the upcoming SET (Social Engineering Toolkit) tutorials that I have lined up for the next few days. This is not the only method out there to DNS spoof, but let's start here.
You may also download the pdf version of this tutorial here.
DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, rerouting a request for a web page, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker’s). – Wikipedia
Tools Needed:
- Linux
- Ettercap
Let's Begin:
1) The steps in this procedure are pretty much the same as in the password sniffing tutorial here, but we will add a few additional steps in this tutorial.
2) OK, now open up a terminal and type: locate etter.dns
3) Next, based on my etter.dns location, type: nano /usr/local/share/ettercap/etter.dns
4) For this tutorial I am going to use facebook.com as an example, so as you can see from below, I have changed facebook.com -> (My IP). Modify your etter.dns to your IP and save etter.dns.
5) Now let's start up the Ettercap GUI. To do this, type: ettercap -G
6) Just like in the previous tutorial, let's click on Sniff –> Unified Sniffing
7) Now go to “Hosts” and click on “Scan for hosts”
8) Next you will be prompted for your network interface. Choose your interface and press the Enter key.
9) Now on the ettercap GUI click on Start –> Start Sniffing.
10) Click on MitM –> Arp Poisoning.
11) When the prompt screen appears, tick on Sniff Remote Connections and click OK.
12) OK, so far we have set up etter.dns, unified sniffing and ARP poisoning. Now let's proceed to activate the plugins.
13) Click on Plugins –> Manage Plugins.
14) Now you will be able to see a whole list of plugins for you to pick from. Let's first get our DNS spoofing settled. To do this, click on the “dns_spoof” plugin and press Enter.
15) Congrats, you have now started DNS spoofing successfully. Now I am going to add two more plugins. This is optional, but I usually have them turned on.
16) Since in this tutorial I am targeting the whole network, I decided to use the “autoadd” plugin, which will automatically add new users/victims that are in your target range. This is useful for attacks such as the credential harvester in SET (Social Engineering Toolkit).
17) Next, to put my paranoid, network-possessive mind at ease, I turn on both the “arp_cop” plugin (reports suspicious ARP activity) and the “find_ettercap” plugin (locates other ettercap activity) on MY LAN.
18) Currently ettercap is set up to poison my LAN gateway server and redirect all http://www.facebook.com requests to 192.168.0.106:80. So if I were to set up a fake malicious/phishing site on my port 80, I could steal login credentials or gain access to their system.
19) How do I set up a fake phishing site? Read my tutorial on “How to Phish/Steal Facebook Credentials” or watch the video below for the full demonstration.
Contributed By Alok Rathaur
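Seen from the defender's side, the setup in steps 10 to 18 leaves two traces on a victim host: the gateway's IP shares a MAC address with another LAN host in the ARP table, and a public name such as www.facebook.com resolves to a private address. The Python check below is an added example, not part of the original tutorial; the ARP table, MAC addresses, DNS answers and the internal suffix list are constructed sample data and assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (not captured from a real network).
# Neighbour table in `arp -an` format: gateway .1 and host .106 share one MAC.
SAMPLE_ARP = """\
? (192.168.0.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.0.106) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.0.20) at 66:77:88:99:aa:bb [ether] on eth0
"""
# (queried name, A-record answer) pairs as a resolver log might record them.
SAMPLE_ANSWERS = [
    ("www.facebook.com", "192.168.0.106"),
    ("www.example.org", "93.184.216.34"),
    ("printer.lan", "192.168.0.20"),
]
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # assumed local naming

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17})")

def shared_macs(arp_text):
    """Return {mac: [ips]} for every MAC that claims more than one IP."""
    by_mac = defaultdict(list)
    for m in ARP_LINE.finditer(arp_text):
        by_mac[m["mac"].lower()].append(m["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def suspicious_answers(answers, internal_suffixes=INTERNAL_SUFFIXES):
    """Return answers where a non-internal name resolves to a non-global IP."""
    flagged = []
    for name, addr in answers:
        if name.lower().rstrip(".").endswith(internal_suffixes):
            continue  # internal names are expected to map to LAN addresses
        if not ipaddress.ip_address(addr).is_global:
            flagged.append((name, addr))
    return flagged

def correlate(arp_text, answers):
    """Pair each suspicious DNS answer with an ARP conflict on its address."""
    conflicts = shared_macs(arp_text)
    hits = []
    for name, addr in suspicious_answers(answers):
        mac = next((m for m, ips in conflicts.items() if addr in ips), None)
        hits.append({"name": name, "addr": addr, "mac": mac})
    return hits

if __name__ == "__main__":
    for hit in correlate(SAMPLE_ARP, SAMPLE_ANSWERS):
        print(hit)
```

A MAC that answers for several IPs can be legitimate (multi-homed routers, proxy ARP), so treat the ARP finding as a lead to confirm rather than proof; it is the combination with a public name resolving to that same LAN address that matches the setup described in step 18.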