How to Spoof a DNS
The Domain Name System (DNS) is a service that translates domain names to IP addresses and IP addresses to domain names. DNS spoofing is when a hacker redirects a website user to a malicious website. In this tutorial I will be showing you how to perform one of these attacks and redirect a Facebook user to a fake website.
Disclaimer: Before I go over the steps to do this, I’d like to note that attacking someone’s network, computer or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on the device of someone who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular attackers (Anonymous) have either been or are currently in Federal prison. Do not be unethical.
* Windows or Linux
* A target machine
In this guide, we will be executing a LAN attack. I will also be using Kali Linux for my attacking machine, as it is the best all-in-one hacking suite, and Windows as the target. The first step is to check the target IP address by running a quick scan. The command is “nmap -sS (IP address range)”. This process may take some time.
The tool we will be using in this guide is Ettercap. But before that we need to edit a file. The file is etter.conf, which is found at /etc/ettercap/etter.conf.
Open a terminal and type in “gedit /etc/ettercap/etter.conf”. You will see the file opened in the Gedit text editor.
Next you have to edit the ‘uid’ and the ‘gid’. Replace each value with ‘0’. Scroll down and search for Linux. Here you will edit the ‘#’ signs next to redir_command_on and redir_command_off for the iptables set. Just remove them; don’t add ‘0’ or anything else to the configuration. Save the file and exit.
Now you need to open Ettercap. Open a terminal and type in “ettercap -G”. This will give you the GUI tool Ettercap, which is used to do a lot of things in Kali Linux.
Go to ‘sniff’ in the menu bar and select ‘unified sniffing’. This will ask which adapter or interface you want to sniff on. Mine is eth0. Click OK. If you are on Wi-Fi, you may want to select WLAN. The sniffing process will automatically start. You don’t want that yet, so you will need to stop the sniffing for now.
Now it’s time to scan the network. Go to “Hosts” and select ‘scan for hosts’. When the scan is complete, go back to “Hosts” and select “Hosts List”. This will show you the computers that are alive in your network.
Now it’s time to select your target. If you are following this tutorial exactly, there will be two targets here. One is the target (Windows) machine and the other, your gateway. If you don’t know your gateway IP address, then open a terminal and type “route”. This will show you the gateway of your network.
Select your target by clicking on the target IP.
Click on your gateway address, then click on ‘Add to Target 1’.
Do the same with your target IP address, but this time click on ‘Add to Target 2’.
Go to MITM in the menu and select ‘ARP poisoning’. After selecting it you will get an options tab, where you have to select “Sniff remote connections”.
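From the defending side, the ARP poisoning step above leaves a visible trace on the target: its ARP cache shows the gateway's IP mapped to the same MAC as another LAN host. The following is an added example, not part of the original tutorial, that checks an ARP table for that pattern; the sample output, addresses and baseline MAC are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on a Windows host whose ARP cache has
# been poisoned, so the gateway (192.168.1.1) and 192.168.1.50 share one MAC.
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           08-00-27-aa-bb-cc     dynamic
  192.168.1.50          08-00-27-aa-bb-cc     dynamic
  192.168.1.60          3c-52-82-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# "IP ... MAC" with ':' or '-' separators (Windows `arp -a`, Linux `ip neigh`).
ENTRY_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\b.*?\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b",
    re.IGNORECASE)

def parse_arp(text):
    """Return {ip: mac} for unicast entries, MACs normalised to aa:bb:... form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            mac = m.group(2).lower().replace("-", ":")
            if not int(mac[:2], 16) & 1:  # skip broadcast/multicast MACs
                table[m.group(1)] = mac
    return table

def find_arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that differs from baseline."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            kind = "gateway-shares-mac" if gateway_ip in ips else "duplicate-mac"
            findings.append((kind, mac, sorted(ips)))
    current = table.get(gateway_ip)
    if known_gateway_mac and current and current != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", current, [gateway_ip]))
    return findings

if __name__ == "__main__":
    # 00:11:22:33:44:55 is a constructed baseline recorded while the LAN was clean.
    for f in find_arp_anomalies(parse_arp(SAMPLE_ARP), "192.168.1.1",
                                "00:11:22:33:44:55"):
        print(f)
```

A shared MAC is not always hostile (a host with several IP aliases produces one too), so the gateway-related findings are the ones to act on first.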
Now move to the ‘Plugins’ tab and select “Manage the plugins”. Here, you will have to select which plugins to use. Select “dns-spoof” because you are spoofing the DNS. The process will complete after we edit another file which will be the Host File.
Open another terminal and type “gedit /etc/ettercap/etter.dns”. This will open up the host file. This file contains the entries that control which site should be redirected to which site. Scroll down and search for “Microsoft Sucks”.
Here if the user wants to access the Microsoft website, the spoof will redirect him to www.linux.org. Also, for the record, Microsoft fucking sucks…
Now you will edit a few lines. Remove the last line which says “www.microsoft.com PTR 220.127.116.11 # wildcards in PTR are not allowed” and replace the microsoft.com with dizzie.org. Save the file and don’t edit anything else.
There is now an IP address. We have to replace it with our IP. If you don’t know your IP address, open a terminal and type “ifconfig”. Now, replace the IP address. Remember that the space between the elements is a tab, not a space. Use a tab in case your edit goes wrong.
Save the file. This will redirect the Facebook homepage to your IP. Also just so you know, this is an HTTP attack so some browsers can block it.
You need to edit another HTML file, which is located in /var/www/html. It is the index.html file.
Open the file with gedit and delete everything inside. Just type in new code which says something like “<h1> I’m Innocent </h1>”.
Save the file and exit.
Now you’re gonna need to start your Apache server. Open another Terminal and type “service apache2 start”.
It’s finally time to conduct the attack. Go to Ettercap and start sniffing.
Go to the target machine and try to access the Facebook website. Let’s see what happens.
If everything is successful, the target will be redirected to your fake website. This is DNS spoofing and you are now officially a pain in the ass. Congratulations.
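Because the etter.dns entry points the name at the attacker's own LAN address, the forged answer is easy to recognise on the client side: a public site suddenly resolves to a local address. The following is an added example, not part of the original tutorial, that compares observed DNS answers with answers obtained over a trusted path; all names and addresses in it are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed sample. OBSERVED: A records a LAN client received. TRUSTED: answers
# for the same names fetched over a path a LAN attacker cannot rewrite.
# Names are placeholders; public addresses come from documentation ranges.
OBSERVED = {
    "www.example.com": ["192.168.1.50"],
    "login.example.net": ["192.168.1.50"],
    "cdn.example.org": ["203.0.113.10"],
    "static.example.org": ["198.51.100.7"],
}
TRUSTED = {
    "www.example.com": ["198.51.100.20"],
    "login.example.net": ["198.51.100.30"],
    "cdn.example.org": ["203.0.113.99"],
    "static.example.org": ["198.51.100.7"],
}

# Ranges that should never be the answer for a public site (listed explicitly
# so that documentation ranges are not treated as local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def check_answers(observed, trusted):
    """Return {name: (severity, reasons)} for answers that look rewritten."""
    names_by_addr = defaultdict(set)
    for name, addrs in observed.items():
        for addr in addrs:
            names_by_addr[addr].add(name)
    report = {}
    for name, addrs in observed.items():
        local = [a for a in addrs if is_local(a)]
        reasons = []
        if local:
            reasons.append("public name resolves to a local address")
        if any(len(names_by_addr[a]) > 1 for a in local):
            reasons.append("same local address returned for several names")
        if name in trusted and not set(addrs) & set(trusted[name]):
            reasons.append("no overlap with trusted answer")
        if reasons:
            # A mismatch alone is weak evidence: CDNs answer differently per resolver.
            report[name] = ("high" if local else "low", reasons)
    return report
```

The page's own remark that this is an HTTP attack points at the other mitigation: a site served over HTTPS with a valid certificate cannot be impersonated by the fake page, so the browser shows a certificate or connection error instead.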