Hello guys, I have been playing around with BT3 for a couple of years and now I am using BT4. I have been able to play with ettercap, ARP poisoning and the dns_spoof plugin for some time now as well. I have noticed lately that DNS spoofing is not working on my Internet Explorer 8, Vista SP1 (IP 192.168.0.101)! If I visit a new site like, say, XYZ Consulting that has been set to be spoofed to my attack machine IP (BT4, IP 192.168.0.100), ettercap states that XYZ Consulting was spoofed to 192.168.0.100, yet IE8 still opens the un-spoofed page! Checking the ARP table on the target victim, I found out that the ARP poisoning works! If I ping XYZ Consulting from the victim machine, I get my attack IP 192.168.0.100, which confirms that dns_spoofing is working! Can anyone explain what is happening? Why is IE8 showing the right page even if it has never been visited on the victim's machine before?!


