Thread: Ettercap DNS Spoofing Not.. Spoofing

  1. #1
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    2

    Ettercap DNS Spoofing Not.. Spoofing

    I've been lurking, stalking, sometimes peeping in on the forums for quite a while, reading and learning things on my own trying not to post unnecessary threads, and of course using the search function but I cannot figure out what is wrong for the life of me so I turn to you more knowledgeable members for help on this. So here's the hang-up:

    I get to the point where ettercap displays the following which makes it seem everything is working perfectly:


    dns_spoof: [msn.c*m] spoofed to [74.125.45.100]


    But the victim still sees the MSN website and not Google (74.125.45.100).

    I've tried this on several different computers but it does not re-route even though ettercap informs me that it has. ...Except for Windows Mobile. Ettercap does not inform me that it's spoofing any dns requests from the WinMo device.

    Using a different IP (can't remember which), at one point the victim was semi-successfully redirected, in that the victim was redirected away from MSN but did not load the webpage I was redirecting to. Which brings me to my next question - determining a website's IP address.

    I've been using the ping command to do so, but putting that IP into the address bar does not always bring up the website. Perhaps somebody can enlighten me on this?


    That's all, for now.

    Thank you in advance and be nice.

  2. #2
    Member imported_blackfoot
    Join Date
    Jun 2007
    Posts
    386

    strange dns

    Maybe the server you are pointing to (at Google) is not up!

    When you use DNS to route to Google it looks at a number of servers, and Google itself has such huge demands that it pipes requests (and I do not know the algorithm).

    So it may be that you are doing things as you see correctly but need to point to a test IP address of a less complex organisation such as a local news or radio channel.

    Tip:
    Use Wireshark to report on a simple search... then you can see the flow of the protocol and usage to gain better insight into structure.
    Start Wireshark, capture a single interface, run Google and search on red or blue, stop Wireshark, page through results.
    Lux sit

  3. #3
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    I would add just a little tip: filter in Wireshark only the DNS packets.
    Check out these Wireshark tips
    http://packetlife.net/static/cheatsh...ay-filters.pdf

  4. #4
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    2

    I got it working, sorta, thanks. Let's say I want to redirect microsoft.com to remote-exploit.org. The IP I get for RE is 78.159.112.18. When I put this IP into the address bar, or dns spoof to it, I get a webpage that just says "Apache is functioning normally" and not the actual webpage. How can I get to the actual page? Or does this only work for certain sites?

  5. #5
    Member cr1spyj0nes
    Join Date
    Sep 2008
    Posts
    164

    Quote: Originally Posted by oxide
    > I got it working, sorta, thanks. Let's say I want to redirect microsoft.com to remote-exploit.org. The IP I get for RE is 78.159.112.18. When I put this IP into the address bar, or dns spoof to it, I get a webpage that just says "Apache is functioning normally" and not the actual webpage. How can I get to the actual page? Or does this only work for certain sites?

    http://www.selfseo.com/find_ip_address_of_a_website.php
    I would rather be hated for what I am,
    Than loved for what I am not.
