DNS Spoofing:
Basically, DNS Spoofing is a computer hacking attack, where data is introduced into a DNS (Domain Name System) resolver’s cache. In a DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific domain name to a different IP address.
The Domain Name System (DNS) is one of the fundamental services of the Internet. It associates various information with domain names assigned to each of the participating entities.
With that been said, let’s get to work.
1. Set Up Kali Linux:
Go to Applications -> Kali Linux -> Sniffing -> Network Sniffers, dnsspoof as you can clearly see in the picture provided.
2. Open dnsspoof:
Notice how easy the syntax is.
dnsspoof -i -f
3. Set Up For Sniffing:
What we are going to do is, we’ll get a Windows 7 system on our network and redirect its facebook.com navigation to our own website. Use any browser to navigate there (Ignore the tabs in the given picture).
4. Flush The DNS Cache:
Now, we’ve to flush the DNS cache of the windows 7 system. In this way, the Windows client won’t use the cached DNS on the system and will instead use our “updated” DNS service.
Close the browser and type in the terminal:
ipconfig /flushdns
Now we need to kill the connection between the Windows 7 system and (http://www.facebook.com ). This forces the Windows 7 machine user to re-authenticate. Type:
tcpkill -9 host [www.facebook.com]
Once done, stop the TCP with Ctrl + C.
5. Create Hosts File:
Here we will be using the hosts file to redirect that Windows 7 system’s search for Facebook to our website. Let’s go to the /usr/local directory.
cd /usr/local
From there, let’s open the hosts file in any text editor.
gvim hosts
Now that we have the hosts file open, we need to add the following line to it. The hosts file is simply mapping an IP address to a domain name, so we put our IP address in and map it to [www.facebook.com].
192.168.1.2 http://www.facebook.com
It’s recommended to use the TAB key between the IP and the domain name, well, it’s important literally.
6. Create A New Facebook WebPage:
Before we go any further, we now need to turn off promiscuous mode on our network card.
ifconfig eth0 -promisc
Now we need to create a website that the user will be directed to when they type http://www.facebook.com in the URL of their browser. Let’s create a simple webpage.
Open the index.html
gvim /var/www/index.html
This is how it looks like by default. We’ll have to change it and put in the following html and then save it. I’ll put the script in a .txt file and upload the picture since the script won’t be visible if I put it directly over here. You’ll have to replace it with the script given in index.html.
Indeed, if you really wanted to pull off this hack, you would want to take the time to build a website that looks and acts just like the site you’re spoofing.
7. Start the Apache Web Server:
Now, start the web server built into Kali. This is Apache and the service is HTTP, so we go to Kali Linux -> System Services -> HTTP -> apache2 start.
8. Start dnsspoof:
Lastly, we need to start dnsspoof and direct users to the entries in our “hosts” file first. Dnsspoof will intercept DNS queries and send them first to our hosts file before then sending them along to the DNS server. Type:
dnsspoof -f hosts
9. Navigate to Facebook From Windows 7:
Now, from the Windows 7 system, type in the URL http://www.facebook.com and it will pull up our fake website instead of the real Facebook website.
That is all, you’ve successfully spoofed DNS on a LAN. Now, when anyone on the local area network attempts to navigate to the Facebook website, they will instead come to our website!
Hope you enjoyed the tutorial and learnt some stuff. For further assistance leave a reply!
I’ll see you in the next one, until then Enj
Basically, DNS Spoofing is a computer hacking attack, where data is introduced into a DNS (Domain Name System) resolver’s cache. In a DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific domain name to a different IP address.
The Domain Name System (DNS) is one of the fundamental services of the Internet. It associates various information with domain names assigned to each of the participating entities.
With that been said, let’s get to work.
1. Set Up Kali Linux:
Go to Applications -> Kali Linux -> Sniffing -> Network Sniffers, dnsspoof as you can clearly see in the picture provided.
2. Open dnsspoof:
Notice how easy the syntax is.
dnsspoof -i -f
3. Set Up For Sniffing:
What we are going to do is, we’ll get a Windows 7 system on our network and redirect its facebook.com navigation to our own website. Use any browser to navigate there (Ignore the tabs in the given picture).
4. Flush The DNS Cache:
Now, we’ve to flush the DNS cache of the windows 7 system. In this way, the Windows client won’t use the cached DNS on the system and will instead use our “updated” DNS service.
Close the browser and type in the terminal:
ipconfig /flushdns
Now we need to kill the connection between the Windows 7 system and (http://www.facebook.com ). This forces the Windows 7 machine user to re-authenticate. Type:
tcpkill -9 host [www.facebook.com]
Once done, stop the TCP with Ctrl + C.
5. Create Hosts File:
Here we will be using the hosts file to redirect that Windows 7 system’s search for Facebook to our website. Let’s go to the /usr/local directory.
cd /usr/local
From there, let’s open the hosts file in any text editor.
gvim hosts
Now that we have the hosts file open, we need to add the following line to it. The hosts file is simply mapping an IP address to a domain name, so we put our IP address in and map it to [www.facebook.com].
192.168.1.2 http://www.facebook.com
It’s recommended to use the TAB key between the IP and the domain name, well, it’s important literally.
Before we go any further, we now need to turn off promiscuous mode on our network card.
ifconfig eth0 -promisc
Now we need to create a website that the user will be directed to when they type http://www.facebook.com in the URL of their browser. Let’s create a simple webpage.
Open the index.html
gvim /var/www/index.html
Indeed, if you really wanted to pull off this hack, you would want to take the time to build a website that looks and acts just like the site you’re spoofing.
7. Start the Apache Web Server:
Now, start the web server built into Kali. This is Apache and the service is HTTP, so we go to Kali Linux -> System Services -> HTTP -> apache2 start.
Lastly, we need to start dnsspoof and direct users to the entries in our “hosts” file first. Dnsspoof will intercept DNS queries and send them first to our hosts file before then sending them along to the DNS server. Type:
dnsspoof -f hosts
9. Navigate to Facebook From Windows 7:
Now, from the Windows 7 system, type in the URL http://www.facebook.com and it will pull up our fake website instead of the real Facebook website.
That is all, you’ve successfully spoofed DNS on a LAN. Now, when anyone on the local area network attempts to navigate to the Facebook website, they will instead come to our website!
Hope you enjoyed the tutorial and learnt some stuff. For further assistance leave a reply!
I’ll see you in the next one, until then Enj
Thnx