DNS spoofing with Ettercap

posted Jun 7th 2008 7:45pm by Eliot Phillips
filed under: misc hacks

[IronGeek] has published his latest video how-to: DNS Spoofing with Ettercap. Ettercap is designed specifically to perform man in the middle attacks on your local network. It can do ARP poisoning, collect passwords, fingerprint OSes, and content filtering. For DNS spoofing, you just need to edit a config file that defines which domains resolve to which IP addresses. You can use wildcards for the domains. In the video, he uses Linux because the network interfaces are easier to remember. Once you’re done playing with DNS spoofing, remember to flush your local cache otherwise your browser will continue to go to the wrong IP.

[photo: mattdork]

Read

Comments [12]

tagged: dns, ettercap, irongeek, router, switch

Reader Comments

Videos seem broken :(

I only see “This video presentation is sponsored by…” forever.

Posted at 8:46 pm on Jun 7th, 2008 by Hello1024

Damn, what version of Flash and what OS do you use? I can try to fix it. I’ve only tested using the newest Flash plugin in XP and Ubuntu.

Posted at 10:04 pm on Jun 7th, 2008 by Irongeek

Damn! Had only this been posted a few weeks ago! Could have had so much fun at school.

Very good tutorial though. I wonder, what if you were on DSL and bridged your router?

Posted at 11:13 pm on Jun 7th, 2008 by Harrison

Nope, it was all on my local LAN.

Posted at 12:00 am on Jun 8th, 2008 by irongeek

First, Irongeek is awesome. I always followed his posts on Binrev, and on his site.

Second, another way to do this is simply, if you are only targeting one domain (no catchall domains, like *.microsoft.com) is to add it as a static dns entry on your router or dns server. For my Verizon Versalink (Westel 3100), first go to the dns page ( http://192.168.1.1/dns.htm ) then I just add “microsoft.com” in the host field and “192.168.1.1″ in the ip field. Since a local domain is set up, microsoft.com is microsoft.com.local, which is what is first looked up when you do a domain query.

I am using this to mess with a linux stb, to see what I should sniff and what it tries to connect to :D

Posted at 4:56 am on Jun 8th, 2008 by cde

What is wrong with you people?

This is not a *real* hack, this is *not* what we came here for, you’ve completely switched the focus of this site to black hat nonsense.

Secondly, cut the flash shit already! *a lot* of hardware hackers use real operating systems, (BSD), and aren’t amused with all the flash video content.. get the picture? if you’re going to provide videos you better setup a mirror hosting a XViD/MPEG encoded alternative.

Now piss off and return to the regularly scheduled programming!

Thank you.

Posted at 2:01 pm on Jun 8th, 2008 by Disapointed User

Wow @5 “Disapointed User”. If your “real” operating system can’t support flash, then your “real” operating system is a load of crap.

And how isn’t this a hack? Do you forget, that some hardware (like mostly every closed-source internet appliance) use dns for connecting with their parent company, so to hack the hardware, you would need to do some kind of dns spoofing, arp poisoning, or tcp/ip sniffing? For example, tivo’s, or more accuratly, later firmware versions of the “La Fonera” fon minirouters, which require a spoofed radius server, which requires dns spoofing.

So fuck off, elitist prick.

Posted at 2:16 pm on Jun 8th, 2008 by cde

@cde, elitist prick? I’m more of a realist… it’s not the OS at fault for not having a working flash implementation, flash after all is a proprietary piece of shit.

The *real* OS I use is perfectly fine, try doing your homework, moron.

Posted at 6:04 pm on Jun 8th, 2008 by Disapointed User

@8: disapointed user
It might not be the OS, but then its the user’s and maintainers fault, for not trying hard enough. Linux has working Flash, both old and up to date (9). OSX, a bsd derived OS, has full Flash capabilities. Symbian, PalmOS, and WindowsCE, mini-os’s, have flash. As of May 1, Flash has been opened up.

Yet, you say its a piece of shit, because you can’t be bothered to use something everyone else uses. Deluded fool.

Posted at 11:46 pm on Jun 8th, 2008 by cde

@cde, you’re wrong… they released specifications, flash is still proprietary and closed source.

Contrary to your “deluded” view of the world, it’s not possible to run programs compiled for another OS without comprehensive binary emulation of some sort.

One shouldn’t have to give up on his principles just because the majority of the world is *okay* with binary blob software.

I’m not, so you, dear friend, are the “deluded” fool.

Posted at 7:24 am on Jun 9th, 2008 by Disapointed User

@Disapointed user

Try talking about “sheeple” and “the man”, you’ll sound less *elitist*

p.s. *they* put *the* flash *there* *specifically* *to* keep *YOU* *out*

Posted at 12:33 pm on Jun 9th, 2008 by Obvious Man

Now that was a fascinating how-to lots of food for thought there.

Is it just me or does disapointed user seem a lot like our little friend zoinks?
I miss zoinks he was my hero ;)

Posted at 7:48 pm on Jun 9th, 2008 by putuporshutup

DNS spoofing with Ettercap

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments