How To Sniff Data Using DNSspoof & Ettercap ? [MITM Series]

Welcome to my beloved hackers. In this article we’ll discuss DNS Spoofing using dnsspoof and ettercap In our MITM series

What is DNS ?

DNS stands for Domain Name Server which is a service on network. it resolves  the Domain names with IP address. there are many types of DNS services like DNS resolvers, DDNS, etc.
Basically in a LAN network we’ve local DNS resolver which takes the DNS request at first stage. It checks for the domain IP address in his database if found it resoves if not it sends the query to further more DNS servers on network.

In a simple words, if you are in a network say for WiFi, the router has a DNS resolver when you try to access a website say for hackeroyale.com it first looks at local DNS database if there is a record then it points to the IP address if not it sends your dns query on Internet for resolving DNS. Basically is a DNS standard server that we all use.

How to spoof DNS?

DNS spoofing takes on first stage of the network, where when a user queries for DNS we’ll spoof the request and give fake response IP address, say for our own IP address where we’ll setup local web server and fake website page and redirect them to our page.

DNS spoofing takes very prominent part in hacking a network, we can poison all the DNS queries. for performing a DNS spoof you should have to poison ARP. that we’ve discussed in previous part of this series.

Getting started with Dnsspoof

dnsspoof is a command-line shell for performing a DNS spoofing attack.
you need to install this tool in linux just by

sudo apt-get install dnsspoof

the simple syntax of this dnspoof is
dnsspoof -i <interface> -f <hostsfile>

Now we must turn our NIC to promiscus mode it’s simple just run this command on terminal

ifconfig wlan0 promisc

the interface wlan0 is in my case I’m in internal NIC but in your case it may be eth0 if you are on LAN ethernet or wlan1 if you use external NIC.

Then you need to change the DNS record of local resolver by running this command

  tcpkill -9 host [www.facebook.com]

Now you need to redirect them to fake phish web page. you need to have apache server.
first change your hosts file just go to usr/local folder and find hosts file add a new line as this

<your_local_ip> www.facebook.com

you should place your local IP address you can get it by ifconfig command.
then run apache server just by

service apache2 start

then go to var/www/html location create index,html file and place all the fake phishing page html codes into that and save the file. and then go to terminal and run

dnsspoof -f hosts

thats it
you’ve done DNS spoofing using dnsspoof.

DNS Spoofing using Ettercap

Ettercap is a graphical user interface which has all types of MITM attacks.
we’ve discussed ARP spoofing using ettercap in last article of this series.

Get Started:

First you need to start Ettercap by just run this command on terminal

ettercap -G

Go to top bar select sniff and start unified sniffing then go to hosts and scan for hos

The following two tabs change content below.

Anuj Mishra

Admin, Founder & Chief Editor at HackeRoyale
Engineer. Blogger. Ethical hacker. Penetration Tester. Deep Webbie. Bug hunter. Security Analyst. Web Developer. Techie. Programmer. Foodie. Music Lover. Traveller. Enthusiast.

Comment Now !