Sign in to follow this  
Followers 0
t0xizspill

Using ettercap with dns spoof

8 posts in this topic

What im trying to accomplish is switch out a DNS server on a router, since it has a primary and secondary,

 

is it possible to put your ip in there and have it get dns queries from your computer using ettercap's dns spoofing or so?

 

 

0

Share this post


Link to post
Share on other sites

You could also set up a proper DNS server on another machine. I'm assuming you are wanting to replace the DNS nameserver IP broadcast with DHCP leases, right?

0

Share this post


Link to post
Share on other sites

Im looking to hand out and take over the A records on some site DNS's. If the DNS ip was added to a router as a primary, it would just switch out whatever the dns server has.

 

For example, google.com has IP 10.0.0.1

 

DNS server would redirect any queries to google.com to 10.0.0.2 to anyone whose connected to that router.

0

Share this post


Link to post
Share on other sites

Well, that may be applicable to small routers (home, small business, et c.) but not so much with big routers, like the kind that run the Internet. It's easy enough to spoof DNS on a small network, I do it at home to blackhole DNS names from ad/scam sites. For instance, doubleclick.net routes to 127.0.0.1 on my home network.

0

Share this post


Link to post
Share on other sites

Im trying this on a small home router, its a cheap netgear router. You think setting up a dns server then setting A records to the specific sites i need it to redirect would work?

0

Share this post


Link to post
Share on other sites

It should, yes. Generally the better small network routers will let you configure "DNS Overrides," which are basically spoofed A-records. You may not even need to set up an external DNS server.

0

Share this post


Link to post
Share on other sites

Keep in mind that anything you do at the network level will affect all the computers on your network. In other words, if you set up a DNS server with spoofed A records as your primary DNS server, and it (for example) points Google to 127.0.0.1, Google will be unavailable for ALL clients on the network, unless they manually type in Google's actual external IP in their web browser.

If you haven't heard of the hosts file, (assuming you're using Windows machines) the hosts file is consulted before a DNS query is made. If you just wish to redirect a few hosts, or a subset of hosts on the network, try editing the Windows hosts file (windows\system32\drivers\etc).

Edit: If you're trying to spoof traffic for all hosts on the network though, definitely do what Glitch suggested with the overrides, it'll be much simpler and more effective than ettercap. You have to remember, your computer is not a server, nor a router, so passing traffic to it slows things down a good deal.

Edited by TheFunk
0

Share this post


Link to post
Share on other sites

You can use Cain & Abel. This allows you spoof DNS records (Cain has built in DNS spoofing support that is easy to manage) only to hosts that are subjected to ARP poison routing. Thus, your machine and all others not selected for ARP poison routing will get pristine DNS answers.

 

 

EDIT:

 

Here's an image of the ARP/DNS Poisoning screen. Sorry, for it being so small, but don't really feel like editing it. Just enter the dns name along with the IP address you want it to resole to. All reverse DNS queries will be spoofed as well.

 

Remember, this only functions with hosts that are subject to ARP spoofing. 

 

2zelamx.jpg

Edited by tekio
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0