DNS Poisoning-Sniffing Attack With Ettercap

Batuhanmutlu
4 min read · Dec 26, 2022

Today we are going to learn how to carry out a DNS poisoning and sniffing attack. First of all, we need Linux, preferably Kali. You can find instructions for setting up Kali here.

  • For the DNS poisoning attack, we need one victim on the same network; I will use a Windows 10 VM.

Before we start, What Is DNS Poisoning?

DNS poisoning is a hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it’s completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works.

The Chinese government uses DNS poisoning to block access to sites that hold content that officials find objectionable. Users in China may think they have the right address (such as https://www.facebook.com). But due to spoofing, when they type in this address, they head to a completely different server. That server loads something different altogether.

In 2014, Chinese spoofing spread into the wider world. At one point, reporters say, this problem impacted about a seventh of all internet users across the globe. None could load the sites they wanted to see, including Facebook and Twitter.

Source: https://www.okta.com/identity-101/dns-poisoning/

How do we do it?

First of all, I created a fake website for testing, and I will redirect victims to it. It is a simple HTML file that only says “You Have Been Hacked!”

  • We have to make some changes in the etter.conf file: uid and gid have to be 0. If they are not, set them to 0.
  • After that, we go to etter.dns. This is the file where we enter the fake DNS records.
  • Here we forward every name to my local IP. “*” is the wildcard here, and we use A after the “*”.
  • Now open Ettercap with ettercap -G and select
  • After that, scan for hosts.
  • Go to the host list; that is our victim.
  • Select the machine and add it as a target.
  • Go to the MITM menu, select ARP poisoning, and
  • Next, we have to install the DNS spoofing plugin: go to the top-right menu, select Plugins, then Manage plugins, and select dns_spoof.
  • After that, we can see the spoofing to our IP address from the victim computer.
  • And on the victim side, this is our website. That was all. After we stop Ettercap, it will return to normal after a restart.
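Seen from the defender's side, the steps above leave two traces: the wildcard A record makes unrelated names resolve to one private address, and ARP poisoning makes the gateway's IP share a MAC address with another host. The sketch below checks for both. It is an added example, not part of the original post; the log format, the addresses and the function names are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not captured from a real network).
# Assumed resolver log format: "client qname answer"
DNS_LOG = """\
192.168.1.20 www.facebook.com 192.168.1.50
192.168.1.20 www.twitter.com 192.168.1.50
192.168.1.20 example.org 192.168.1.50
192.168.1.21 example.org 93.184.216.34
192.168.1.21 intranet.corp.example 192.168.1.10
"""
# Neighbour table in `ip neigh` format, as it would look on the victim.
ARP_TABLE = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.10 dev eth0 lladdr 08:00:27:11:22:33 STALE
"""

def wildcard_spoof_suspects(log, min_names=3):
    """Private IPs returned as the answer for at least min_names distinct names."""
    names = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _client, qname, answer = parts
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer is not an IP address
        if ip.is_private:
            names[answer].add(qname.lower().rstrip("."))
    return {ip: sorted(n) for ip, n in names.items() if len(n) >= min_names}

def shared_mac_suspects(table):
    """MAC addresses claimed by more than one IP (an ARP poisoning indicator)."""
    ips = defaultdict(set)
    for line in table.splitlines():
        parts = line.split()
        if "lladdr" in parts and parts.index("lladdr") + 1 < len(parts):
            ips[parts[parts.index("lladdr") + 1].lower()].add(parts[0])
    return {mac: sorted(i) for mac, i in ips.items() if len(i) > 1}

if __name__ == "__main__":
    print(wildcard_spoof_suspects(DNS_LOG))
    print(shared_mac_suspects(ARP_TABLE))
```

The `min_names` threshold is a tuning choice: a legitimate internal reverse proxy can also serve several names from one private address, so hits are leads to correlate with the shared-MAC result rather than verdicts.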

Disclaimer

Hacking without permission is illegal. This website is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
