Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: ettercap dns_spoof

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    8

    Default ettercap dns_spoof

    I am using ettercap and its dns_spoof plugin to redirect webpages from site a to site b.

    when i run the command :
    ettercap -T -Q -M arp:remote -i eth0 /192.168.22.1/ // -P dns_spoof
    every thing seems to be fine i even get messages on the CLI like
    "dns_spoof: [wordpress(dot)com] spoofed to [198.182.196.48]
    but on my target pc the site is not spoofed meaning it still opens up wordpress

    please help

  2. #2
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Default

    have you set the configuration file called etter.dns in the /usr/share/ettercap/ directory ???

  3. #3
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    8

    Default

    yes, i have read all tuts and set the etter.dns, i also tried compiling a filter file eg: mycode.filter to mycode.ef and running the filter but still the same problem, please help.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Default

    Quote Originally Posted by tigershark View Post
    yes, i have read all tuts and set the etter.dns, i also tried compiling a filter file eg: mycode.filter to mycode.ef and running the filter but still the same problem, please help.
    mmmm sorry but I can't help you anymore

  5. #5
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    4

    Default

    Same here , the DNS spoof isn't working for me ..
    I opend a theard : hxxp://forums.remote-exploit.org/newbie-area/24981-dns-spoofing-ettercap-not-working.html
    And I didn't got answers , maybe here I'll get .

  6. #6
    Just burned his ISO petabyte's Avatar
    Join Date
    Jul 2009
    Posts
    18

    Default

    Are you using any antivir with firewall or net protection in your target pc?

  7. #7
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    12

    Default

    Try,

    cd /usr/share/ettercap/
    mv -f etter.dns etter.dns.old
    kate etter.dns
    * A 192.168.1.7

    Replace 192.168.1.7 with your ip and save the file

    Then run
    ettercap -i eth0 -T -q -P dns_spoof -M ARP:remote // //

    You will also need to have apache running with your fake web page what you want to be displayed

    Hope this helps

  8. #8
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    8

    Default

    i have McAfee AV on my target pc running windows vista with a linksys router.
    i did what graymc1 said and if i use a local apache server it kinda works (meaning yahoo comes up just before my custom page) but if i try to change the "IP" to a specifically binded website the target still gets yahoo

  9. #9
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    12

    Default

    If you want to redirect to a specific web page

    cd /usr/share/ettercap/
    mv -f etter.dns etter.dns.old
    kate etter.dns
    * A xx.xx.xx.xx www(dot)test(dot)com

    Replace xx.xx.xx.xx with the IP of the web site and www(dot)test(dot)com with the web site address

    ettercap -i eth0 -T -q -P dns_spoof -M ARP /gateway IP/ /Victim IP/

    That should work

    Cheers
    Gary

  10. #10
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Default

    Maybe your pc has dns cache bcz just before you perform the attack you had visited the original wordpress.com, In windows open a cmd with admin and type "ipconfig /flushdns" .. Try DNS spoof with a domain you havent visited very recent. I am not sure about this..

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •