Monday, April 9, 2018

Almost all beginners in ethical hacking are confused about DNS and DNS spoofing. As you know, we crackers always help you understand these things through practical examples. Before learning about DNS spoofing, first understand what DNS actually is.

What is DNS?

DNS Spoofing| How To DNS Spoof Using Ettercap In Kali Linux?-crackitdown

DNS stands for Domain Name System. It translates human-readable site names such as google.com or crackitdown.com into the numerical IP addresses that nodes use to communicate.

When we look up a website, our system doesn't understand the readable form of the name; it only understands IP addresses. Every website has a unique IP address. DNS simply translates the name into that numerical form so that our system can understand it. You can also open a website using its IP address, but no human being can remember the IP addresses of all websites. That is why DNS was created.

To improve performance, DNS saves the translation on our system for some time; this is called the cache. If it gets another request for the same translation, it can answer without asking another server, until that cache entry expires.

What is DNS Spoofing?

DNS spoofing is a hacking technique in which lookups for a domain name are diverted to an incorrect IP address, so that the victim's traffic is sent to the attacker's system. In the method used in this tutorial, the attacker gets into position by poisoning the victim's Address Resolution Protocol (ARP) cache.

It is very hard to detect this attack. Neither firewall nor antivirus can detect this attack.

Suppose an attacker starts DNS spoofing against a victim's system and diverts facebook.com to the attacker's own IP address. If the victim tries to open facebook.com, the forged DNS answer sends the victim to the attacker's IP instead of facebook.com. When that happens, there is a high chance of data or cookies being stolen from the victim's system.
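Seen from the defender's side, the scenario above has a recognisable shape: a public name answers with an address that is not publicly routable. The following check is an added example, not part of the original post; it reads `dig +noall +answer` style lines, and the sample output and the internal suffix list are constructed assumptions.

```python
import ipaddress

# Constructed `dig +noall +answer` output for illustration (not captured traffic).
SAMPLE_DIG_OUTPUT = """\
facebook.com.        3600 IN A     192.168.1.105
www.example.org.     300  IN CNAME example.org.
example.org.         300  IN A     93.184.216.34
printer.corp.lan.    60   IN A     192.168.1.20
ipv6.example.org.    300  IN AAAA  fe80::1
"""

# Assumption: names under these suffixes are expected to resolve internally.
INTERNAL_SUFFIXES = (".corp.lan.", ".local.")


def parse_answers(text):
    """Yield (name, rtype, rdata) from dig answer lines, skipping comments."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue
        name, _ttl, _cls, rtype = fields[:4]
        yield name.lower(), rtype.upper(), fields[4]


def suspicious_answers(text, internal_suffixes=INTERNAL_SUFFIXES):
    """Return (name, address) pairs where a public name maps to a
    private, loopback or link-local address."""
    findings = []
    for name, rtype, rdata in parse_answers(text):
        if rtype not in ("A", "AAAA"):
            continue  # CNAME, MX, etc. carry no address to judge
        if name.endswith(internal_suffixes):
            continue  # internal names may legitimately use private space
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed rdata, not an address
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            findings.append((name, str(addr)))
    return findings


if __name__ == "__main__":
    for name, addr in suspicious_answers(SAMPLE_DIG_OUTPUT):
        print(f"ALERT {name} -> {addr}")
```

Because of the cache described earlier, a forged answer can keep being served from the local cache until its entry expires, so a host that raised this alert should be rechecked after the cache has been cleared.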

So, let's have a look at the tutorial.

Configure Ettercap in Kali Linux:

Step 1:

There are a lot of tools that can be used to do DNS spoofing, but in this tutorial we're going to use an open-source, easy-to-use tool called Ettercap. It comes by default in Kali Linux. Simply go to Show Applications and search for ettercap. Both the GUI and CLI interfaces of ettercap are available in Kali Linux.

Before using the tool, you have to configure it. To do that, open the terminal and type the command given below to open the ettercap configuration file.


leafpad /etc/ettercap/etter.conf

The file will open in the text editor. Scroll down and find the line where the word Linux is written, like the picture below.



Here we will use iptables. To use iptables you have to activate it: remove the hash (#) from the front of the two command lines below the iptables heading, like the picture given below, then save the file and exit.



After activating the commands, start the Apache server by using the command

service apache2 start

Now copy your Kali Linux machine's local IP address and open it in your web browser. If the default apache2 web page opens, the apache2 web server started successfully.

Here we are using our own website byethack.blogspot.com to do DNS spoofing.

Step 2:

Now we have one more configuration to do: editing the etter.dns file. Copy your local IP address first, then type the command given below in the terminal to open the file.

leafpad /etc/ettercap/etter.dns


Now scroll down the text file and stop at the line where "microsoft sucks" appears. You will see lines like those in the image below.






Now change the microsoft.com domain name to the website name that you want to attack, and change the IP address to your local IP address where the Apache web server is running, like the example picture given below.



Now save the file and quit.

Step 3:


Now open the terminal and run the command given below to open the ettercap tool in GUI mode.

ettercap -G

Now, at the top, go to Sniff > Unified Sniffing. A pop-up will appear asking you to choose the network interface. If you're using Ethernet, choose eth0; if you're using WLAN, the wlan0 option will appear.

Here we're using Ethernet, so we're selecting eth0.




After you choose OK, it will automatically start sniffing, but we have to stop the sniffing. To stop the auto sniffing, go to Start > Stop Sniffing.

Now we have to set up the target. Before setting up the target, we have to scan the hosts. Go to the Hosts option and choose Scan for Host. It will scan the local network and show a list of all systems connected to it. To view the list, go to Hosts > Host List.



In the picture, the first one is our default gateway, the second one is our host machine and the third one is our target machine.

Now select the default gateway (the first IP) and add it to Target 2 by clicking the Add to Target 2 option. Then add the third IP address, the victim's machine, to Target 1 by clicking Add to Target 1.





Now the targets will be set under the Target option. Here you will get an option to delete the selected targets or to add another target.

Step 4:


Now go to the MITM option and choose ARP Poisoning. A pop-up will appear asking you to choose optional parameters. Select Sniff remote connections and click OK.

Now go to Plugins > Manage the Plugins, choose dns_spoof and double-click to activate it. At the bottom of the ettercap tool a message will appear saying Activating dns_spoof plugin.

Congrats! Everything is set now. Go to the Start option and click on Start Sniffing. Now if the victim tries to open byethack.blogspot.com, he will be redirected to the Apache web server that we set up earlier. There is a high chance of the DNS cache and cookies of the victim's system being compromised.

How to stop the attack: 

Go to Start > Stop Sniffing. Now go to the MITM option and click Stop MITM attack. Exit ettercap. But the attack hasn't stopped completely. To stop the attack completely, open the terminal and type the two commands given below one by one.

ifconfig eth0 down

ifconfig eth0 up

Now the attack has stopped properly.
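The ARP poisoning in Step 4 is visible from the victim machine: the gateway's IP and another host's IP end up mapped to the same MAC address, and that pairing should be gone once the attack has really stopped. The check below is an added example, not part of the original tutorial; it parses `ip neigh show` output, and the sample table, addresses and baseline MAC are constructed assumptions.

```python
from collections import defaultdict

# Constructed `ip neigh show` output from a victim host (illustrative values).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.105 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.50 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:12:34:56 router STALE
"""


def parse_neigh(text):
    """Yield (ip, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries have no MAC
        idx = fields.index("lladdr")
        if idx + 1 < len(fields):
            yield fields[0], fields[idx + 1].lower()


def arp_findings(text, gateway_ip, known_gateway_mac=None):
    """Return findings: IPv4 addresses sharing one MAC, and gateway MAC drift."""
    by_mac = defaultdict(list)
    gateway_mac = None
    for ip, mac in parse_neigh(text):
        if ":" in ip:
            continue  # a dual-stack host shows one MAC for IPv4 and IPv6
        by_mac[mac].append(ip)
        if ip == gateway_ip:
            gateway_mac = mac
    findings = []
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            kind = "gateway-shares-mac" if gateway_ip in ips else "duplicate-mac"
            findings.append((kind, mac, tuple(sorted(ips))))
    # Optional baseline: a MAC recorded for the gateway while the network was clean.
    if known_gateway_mac and gateway_mac and gateway_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_mac, (gateway_ip,)))
    return findings


if __name__ == "__main__":
    for finding in arp_findings(SAMPLE_NEIGH, "192.168.1.1"):
        print(finding)
```

A host with several IPv4 addresses on one interface also produces a duplicate-mac finding, so entries that do not involve the gateway are leads to verify rather than proof.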

Conclusion: 

Hope the tutorial was helpful for you. If you're facing any problem please leave us a comment describing your problem or you can contact us privately. Our team is always here for you. 

Disclaimer:

This tutorial is only for educational purposes. Please try it on your own local network and machine. Don't try to harm others. Hacking something without the owner's permission is not ethical. We're not responsible for any kind of damages.
