Welcome to my beloved hackers. In this article we’ll discuss DNS Spoofing using dnsspoof and ettercap In our MITM series
What is DNS ?
DNS stands for Domain Name Server which is a service on network. it resolves the Domain names with IP address. there are many types of DNS services like DNS resolvers, DDNS, etc.
Basically in a LAN network we’ve local DNS resolver which takes the DNS request at first stage. It checks for the domain IP address in his database if found it resoves if not it sends the query to further more DNS servers on network.
In a simple words, if you are in a network say for WiFi, the router has a DNS resolver when you try to access a website say for hackeroyale.com it first looks at local DNS database if there is a record then it points to the IP address if not it sends your dns query on Internet for resolving DNS. Basically 220.127.116.11 is a DNS standard server that we all use.
How to spoof DNS?
DNS spoofing takes on first stage of the network, where when a user queries for DNS we’ll spoof the request and give fake response IP address, say for our own IP address where we’ll setup local web server and fake website page and redirect them to our page.
DNS spoofing takes very prominent part in hacking a network, we can poison all the DNS queries. for performing a DNS spoof you should have to poison ARP. that we’ve discussed in previous part of this series.
Getting started with Dnsspoof
dnsspoof is a command-line shell for performing a DNS spoofing attack.
you need to install this tool in linux just by
sudo apt-get install dnsspoof
the simple syntax of this dnspoof is
dnsspoof -i <interface> -f <hostsfile>
Now we must turn our NIC to promiscus mode it’s simple just run this command on terminal
ifconfig wlan0 promisc
wlan0 is in my case I’m in internal NIC but in your case it may be eth0 if you are on LAN ethernet or wlan1 if you use external NIC.
Then you need to change the DNS record of local resolver by running this command
tcpkill -9 host [www.facebook.com]
Now you need to redirect them to fake phish web page. you need to have apache server.
first change your hosts file just go to
usr/local folder and find hosts file add a new line as this
you should place your local IP address you can get it by
then run apache server just by
service apache2 start
then go to
var/www/html location create index,html file and place all the fake phishing page html codes into that and save the file. and then go to terminal and run
dnsspoof -f hosts
you’ve done DNS spoofing using dnsspoof.
DNS Spoofing using Ettercap
Ettercap is a graphical user interface which has all types of MITM attacks.
we’ve discussed ARP spoofing using ettercap in last article of this series.
First you need to start Ettercap by just run this command on terminal
Go to top bar select sniff and start unified sniffing then go to hosts and scan for hos