DNS Spoofing With Ettercap

[IronGeek] has published his latest video how-to: DNS Spoofing with Ettercap. Ettercap is designed specifically to perform man in the middle attacks on your local network. It can do ARP poisoning, collect passwords, fingerprint OSes, and content filtering. For DNS spoofing, you just need to edit a config file that defines which domains resolve to which IP addresses. You can use wildcards for the domains. In the video, he uses Linux because the network interfaces are easier to remember. Once you’re done playing with DNS spoofing, remember to flush your local cache otherwise your browser will continue to go to the wrong IP.

[photo: mattdork]

12 thoughts on “DNS Spoofing With Ettercap

  1. Damn! Had only this been posted a few weeks ago! Could have had so much fun at school.

    Very good tutorial though. I wonder, what if you were on DSL and bridged your router?

  2. First, Irongeek is awesome. I always followed his posts on Binrev, and on his site.

    Second, another way to do this is simply, if you are only targeting one domain (no catchall domains, like *.microsoft.com) is to add it as a static dns entry on your router or dns server. For my Verizon Versalink (Westel 3100), first go to the dns page ( ) then I just add “microsoft.com” in the host field and “” in the ip field. Since a local domain is set up, microsoft.com is microsoft.com.local, which is what is first looked up when you do a domain query.

    I am using this to mess with a linux stb, to see what I should sniff and what it tries to connect to :D

  3. What is wrong with you people?

    This is not a *real* hack, this is *not* what we came here for, you’ve completely switched the focus of this site to black hat nonsense.

    Secondly, cut the flash shit already! *a lot* of hardware hackers use real operating systems, (BSD), and aren’t amused with all the flash video content.. get the picture? if you’re going to provide videos you better setup a mirror hosting a XViD/MPEG encoded alternative.

    Now piss off and return to the regularly scheduled programming!

    Thank you.

  4. Wow @5 “Disapointed User”. If your “real” operating system can’t support flash, then your “real” operating system is a load of crap.

    And how isn’t this a hack? Do you forget, that some hardware (like mostly every closed-source internet appliance) use dns for connecting with their parent company, so to hack the hardware, you would need to do some kind of dns spoofing, arp poisoning, or tcp/ip sniffing? For example, tivo’s, or more accuratly, later firmware versions of the “La Fonera” fon minirouters, which require a spoofed radius server, which requires dns spoofing.

    So fuck off, elitist prick.

  5. @cde, elitist prick? I’m more of a realist… it’s not the OS at fault for not having a working flash implementation, flash after all is a proprietary piece of shit.

    The *real* OS I use is perfectly fine, try doing your homework, moron.

  6. @8: disapointed user
    It might not be the OS, but then its the user’s and maintainers fault, for not trying hard enough. Linux has working Flash, both old and up to date (9). OSX, a bsd derived OS, has full Flash capabilities. Symbian, PalmOS, and WindowsCE, mini-os’s, have flash. As of May 1, Flash has been opened up.

    Yet, you say its a piece of shit, because you can’t be bothered to use something everyone else uses. Deluded fool.

  7. @cde, you’re wrong… they released specifications, flash is still proprietary and closed source.

    Contrary to your “deluded” view of the world, it’s not possible to run programs compiled for another OS without comprehensive binary emulation of some sort.

    One shouldn’t have to give up on his principles just because the majority of the world is *okay* with binary blob software.

    I’m not, so you, dear friend, are the “deluded” fool.

  8. @Disapointed user

    Try talking about “sheeple” and “the man”, you’ll sound less *elitist*

    p.s. *they* put *the* flash *there* *specifically* *to* keep *YOU* *out*

  9. Now that was a fascinating how-to lots of food for thought there.

    Is it just me or does disapointed user seem a lot like our little friend zoinks?
    I miss zoinks he was my hero ;)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.