DNS spoofing with Ettercap


[IronGeek] has published his latest video how-to: DNS Spoofing with Ettercap. Ettercap is designed specifically to perform man-in-the-middle attacks on your local network. It can do ARP poisoning, collect passwords, fingerprint OSes, and filter content. For DNS spoofing, you just need to edit a config file that defines which domains resolve to which IP addresses. You can use wildcards for the domains. In the video, he uses Linux because the network interfaces are easier to remember. Once you’re done playing with DNS spoofing, remember to flush your local cache; otherwise your browser will continue to go to the wrong IP.

[photo: mattdork]
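
Seen from the other side of the wire, ARP poisoning and wildcard DNS spoofing both leave traces a host on the LAN can check for. The sketch below is an added example, not code from the video or from Ettercap; the neighbour-table text and the DNS answers are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip neigh show` output: the gateway (.1) and
# another host (.23) both claim the same MAC, as happens under ARP poisoning.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.50 dev eth0 FAILED
"""

# Constructed (queried name, A record returned) pairs seen by a client.
SAMPLE_ANSWERS = [
    ("www.example.com", "93.184.216.34"),
    ("update.example.net", "192.168.1.23"),
    ("login.example.org", "192.168.1.23"),
    ("printer.lan", "192.168.1.40"),
]

def shared_macs(neigh_text):
    """Return {mac: sorted IPs} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for line in neigh_text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            idx = fields.index("lladdr")
            if idx + 1 < len(fields):  # skip truncated entries
                by_mac[fields[idx + 1].lower()].add(fields[0])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def suspicious_answers(answers, local_suffixes=(".lan", ".local")):
    """Return names outside the local suffixes that resolved to a private IP."""
    hits = []
    for name, addr in answers:
        is_local_name = name.lower().rstrip(".").endswith(local_suffixes)
        if ipaddress.ip_address(addr).is_private and not is_local_name:
            hits.append((name, addr))
    return hits

if __name__ == "__main__":
    print(shared_macs(SAMPLE_NEIGH))
    print(suspicious_answers(SAMPLE_ANSWERS))
```

Both checks produce leads rather than verdicts: multi-homed hosts and proxy ARP can legitimately share a MAC, and split-horizon DNS can legitimately return private addresses for internal names.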

Comments

  1. Hello1024 says:

    Videos seem broken :(

    I only see “This video presentation is sponsored by…” forever.

  2. Irongeek says:

    Damn, what version of Flash and what OS do you use? I can try to fix it. I’ve only tested using the newest Flash plugin in XP and Ubuntu.

  3. Harrison says:

    Damn! Had only this been posted a few weeks ago! Could have had so much fun at school.

    Very good tutorial though. I wonder, what if you were on DSL and bridged your router?

  4. irongeek says:

    Nope, it was all on my local LAN.

  5. cde says:

    First, Irongeek is awesome. I always followed his posts on Binrev, and on his site.

    Second, another way to do this, if you are only targeting one domain (no catchall domains, like *.microsoft.com), is simply to add it as a static DNS entry on your router or DNS server. For my Verizon Versalink (Westel 3100), first go to the DNS page ( http://192.168.1.1/dns.htm ), then I just add “microsoft.com” in the host field and “192.168.1.1” in the IP field. Since a local domain is set up, microsoft.com is microsoft.com.local, which is what is first looked up when you do a domain query.

    I am using this to mess with a linux stb, to see what I should sniff and what it tries to connect to :D

  6. Disapointed User says:

    What is wrong with you people?

    This is not a *real* hack, this is *not* what we came here for, you’ve completely switched the focus of this site to black hat nonsense.

    Secondly, cut the flash shit already! *a lot* of hardware hackers use real operating systems (BSD), and aren’t amused with all the flash video content... get the picture? If you’re going to provide videos you better set up a mirror hosting an XViD/MPEG encoded alternative.

    Now piss off and return to the regularly scheduled programming!

    Thank you.

  7. cde says:

    Wow @5 “Disapointed User”. If your “real” operating system can’t support flash, then your “real” operating system is a load of crap.

    And how isn’t this a hack? Do you forget that some hardware (like mostly every closed-source internet appliance) uses DNS for connecting with its parent company, so to hack the hardware, you would need to do some kind of DNS spoofing, ARP poisoning, or TCP/IP sniffing? For example, TiVos, or more accurately, later firmware versions of the “La Fonera” fon minirouters, which require a spoofed RADIUS server, which requires DNS spoofing.

    So fuck off, elitist prick.

  8. Disapointed User says:

    @cde, elitist prick? I’m more of a realist… it’s not the OS at fault for not having a working flash implementation, flash after all is a proprietary piece of shit.

    The *real* OS I use is perfectly fine, try doing your homework, moron.

  9. cde says:

    @8: disapointed user
    It might not be the OS, but then it’s the user’s and maintainers’ fault, for not trying hard enough. Linux has working Flash, both old and up to date (9). OSX, a BSD-derived OS, has full Flash capabilities. Symbian, PalmOS, and WindowsCE, mini-OSes, have Flash. As of May 1, Flash has been opened up.

    Yet, you say it’s a piece of shit, because you can’t be bothered to use something everyone else uses. Deluded fool.

  10. Disapointed User says:

    @cde, you’re wrong… they released specifications, flash is still proprietary and closed source.

    Contrary to your “deluded” view of the world, it’s not possible to run programs compiled for another OS without comprehensive binary emulation of some sort.

    One shouldn’t have to give up on his principles just because the majority of the world is *okay* with binary blob software.

    I’m not, so you, dear friend, are the “deluded” fool.

  11. Obvious Man says:

    @Disapointed user

    Try talking about “sheeple” and “the man”, you’ll sound less *elitist*

    p.s. *they* put *the* flash *there* *specifically* *to* keep *YOU* *out*

  12. putuporshutup says:

    Now that was a fascinating how-to, lots of food for thought there.

    Is it just me or does disapointed user seem a lot like our little friend zoinks?
    I miss zoinks, he was my hero ;)
