Steps and instructions -
This tutorial consists DNS spoofing which is a type of MITM attack. In this tutorial we will redirect a facebook user to our webiste.
Terms -
* DNS - Domain Name System is a service which translates IP address to domain name and domain name to IP address.
DNS spoofing - redirect a website user to our website.
Steps -
This is a LAN attack.
I have two machines running here. One is the target ie windows machine
Another is Kali Linux which we will be using to conduct the attack
Lets check the target IP address by running a quick scan on Kali Linux.
* The command is "nmap -sS (IP adress range)"
It takes some time to scan cause it will scan the range which you have specified.
Here is my target.
The tool which we will be using today is Ettercap.
But before that we need to edit a file.
The file name is etter.conf which is found in /etc/ettercap/etter.conf
* We will open a terminal and type in "gedit /etc/ettercap/etter.conf"
You will get a files opened in the gedit editor
Here you have to edit the 'uid' and the 'gid'. Replace the amount with '0'
Like this
Scroll down and search for Linux
Here we will edit the '#' sign and remove it.
Note - Just remove it, dont add '0' or anything.
Save file and exit.
Now we will open Ettercap.
* Open a terminal and type in "ettercap -G"
This will give you the GUI tool Ettercap which is used to do lot of things in Kali Linux
* Now we want to go to 'sniff' in the menu bar and select 'unified sniffing'
This will ask for which adapter or interface you want to sniff. Mine is eth0. So I will say OK. If you are on Wi-Fi, you may want to select WLAN
The sniffing process will automatically start. We don't want that yet. So we will stop the sniffing for now.
* Now we want to scan the network. Go to Hosts and select 'scan for hosts'
When the scan is complete, we will go again to Hosts and select "Hosts List"
This will show you the alive computers in your network
* Now we need to select our target.
There will be two targets here.
One is the Windows machine and another on is our gateway.
If you don't know your gateway IP address, then open a terminal and type "route".
This will show you the gateway of your network.
Now we will select our target by clicking on the target IP.
First I will add my gateway ie 192.168.80.1
I will click on it and click on 'add to target 1'
Now I will do the same to our target IP address.
But this time I will click on 'Add to Target 2'
* Next step is to go to MITM in the menu and select 'ARP poisoning'
After selecting you will get an option tab and you have to select "Sniff remote connections"
* Now move to the 'Plugins' tab and select "Manage the plugins"
Here we have to select which plugins we should be using. We will select "dns-spoof" because we are spoofing the DNS
* After this the process will complete after we edit another file.
Which is the Host File.
Open another terminal and type "gedit /etc/ettercap/etter.dns"
This will open up the host file.
This file contains the codes where it controls which site should be redirected to which site.
Scroll down and search for "Microsoft Sucks"
Here if the user wants to access the microsoft website, the spoof will redirect him to www.linux.org
Note The truth - "MICROSHIT REALLY SUCKS"
* Here we will edit a few lines.
I will remove the last line which says "www.nicrosoft.com PTR 107.170.40.56 # wildcards in PTR are not allowed"
And replace the microsoft.com with facebook.com
Note - Don't edit anything else.
Note that there is an IP address. We have to change it with our IP.
If you dont know your IP address then open a terminal and say "ifconfig"
Replace the IP address
By the end the file would look something like this.
Now remember that the space between the elements is a tab. Not a space. Use tab if incase your edit goes wrong.
Ok done. Save the file.
This will redirect the facebook site to our IP.
This is an HTTP attack. So some browsers can defend it, just in case if you didn't know.
* Now we need to edit another html file which is located in computer /var/www/html
We need to edit the index.html file.
Open the file with gedit and delete everything inside
And just type in a new code which says something like "<h1> Welcome to Hacking Monks </h1>"
Save the file and exit.
Now we need to start our apache server.
Open another Terminal and say "service apache2 start"
Now we can conduct the attack.
* Go to etercap and start sniffing
Now I will go to the target machine and try to access the facebook website.
Lets see what happens.
You will be redirected to our fake webiste.
This my friends is DNS spoofing.
Hope you guys learnt a lot from this tutorial.
Thank you guys for reading this.
You may want to see my other posts -
But it doesnt work.
ReplyDeleteFacebook dont let you go, ebay goes on the origina site.
Tested with google chrome.
Due to HTTPS being used.
Deletehi
ReplyDeleteDoes this work only on sites that use the http protocol.? what if our target spoof is https.?
ReplyDeletecan you send me the answer by email, this is my email
adarafaranisa443@gmail.com
sorry I use google translate.
Thank you
This comment has been removed by the author.
ReplyDeleteHi. I am Manas Lahon and I really like Hacking Monks blog. You're doing a great job.
ReplyDeletei'm trying to follow your tutorial...I've added the router's IP as Target 1 n the other IP's (i added more than 1) to Target 2...the effect is the entire network can't access the internet..which is incorrect from the step i've done...???
ReplyDeletehow can i bypass ssl certification for https protocol traffic
ReplyDeleteI really enjoy reading of your article. I wanted to inform you that you have people like me who appreciate your work.
ReplyDeletetechwithgeeks
talesbuzz
whizzherald