
Thread: dns spoofing in proxy-server Environment ?

  1. #1
    Banned
    Join Date
    Jul 2010
    Posts
    1

    dns spoofing in proxy-server Environment ?

    OK, this is what I'm trying to achieve.

    I want to do DNS spoofing. This is what I have.

    attack machine: vmware / backtrack
    victim: windows
    environment: proxy server / router

    tools used: ettercap

    Current attack scenario:-
    I'm doing DNS spoofing with the help of ettercap with the normal switches for DNS spoofing. I'm spoofing between the gateway and the victim and posing as a router.

    I'm running hunt to spoof to a MAC address of my own liking, which is the MAC address of my host machine (Windows). Why? Because my VMware machine has no connectivity to the proxy IP address, so the packets destined for BackTrack would be turned back because I couldn't forward them to their desired destination.

    Achieved so far:-
    I have been able to spoof / change the local DNS entry of the victim machine to the one selected in the etter.dns file. I checked that by entering nslookup www.site.com. However, the primary DNS server / local DNS server remains the same.

    Effects:
    The victim is still able to navigate to the original site with no effect.

    Analysis?
    What I think is that the proxy is playing havoc with my attempt to carry out the attack successfully. When the victim's request goes to fetch the page for site.com, it always brings back the original page and not the counterfeit, because the proxy server / ISA in this case has no knowledge of, and is not affected by, the spoofed IP-domain mapping on the victim machine. Somehow it overwrites this mapping, as all internet communication is done by the proxy server, so the change in the IP-DNS mapping has no significance to the attack. Unless I'm able to redirect the page at the proxy-server level, this attack seems to be useless in a proxy server environment.

    What I want?
    I want a workaround. What else can I do? Or do I need to change my attack design... anything useful you can add that would help me get through the proxy design in place. Do I need to spoof the proxy-server address in this case and let the victim send all WWW communication via my machine?

    Thank you guys

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: dns spoofing in proxy-server Environment ?

    You didn't mention whether the proxy had been manually assigned (set in the browser config) or whether it was transparent, but I'll assume that it has been manually assigned because of the symptoms you describe. The proxy server is not "overwriting any mappings", it's most likely doing its own DNS lookups. It gets an HTTP request from the client and it does the hostname to IP address translation itself. Under these circumstances it doesn't matter what IP address the client thinks the web server has.

    Redirecting proxy requests to your own system's proxy server should work.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
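
The name-resolution behaviour described in the reply above, as an added example that is not part of the original thread: it models a client with a tampered DNS answer and a manually configured proxy that runs its own resolver, and shows which address the web request actually reaches. All host names, addresses and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: documentation addresses (RFC 5737), not real hosts.
CLIENT_DNS = {"www.site.com": "203.0.113.66"}   # tampered answer seen by the client
PROXY_DNS = {"www.site.com": "198.51.100.10"}   # answer from the proxy's own resolver
PROXY_ADDR = ("192.0.2.8", 8080)                # manually configured proxy (assumed)

def client_request(url, proxy=None):
    """Return (tcp_peer, raw_request) as the client would send it."""
    parts = urlsplit(url)
    if proxy is None:
        # Direct: the client resolves the name itself and sends an
        # origin-form target ("/path").
        peer = (CLIENT_DNS[parts.hostname], parts.port or 80)
        target = parts.path or "/"
    else:
        # Explicit proxy: no client-side lookup of the site name; the
        # absolute-form target carries the host name to the proxy.
        peer = proxy
        target = url
    return peer, f"GET {target} HTTP/1.1\r\nHost: {parts.netloc}\r\n\r\n"

def proxy_upstream(raw_request):
    """Proxy side: parse the absolute-form target and resolve it locally."""
    _method, target, _version = raw_request.split("\r\n", 1)[0].split(" ")
    parts = urlsplit(target)
    if not parts.hostname:
        raise ValueError("explicit proxy expects an absolute-form request target")
    return (PROXY_DNS[parts.hostname], parts.port or 80)

def origin_reached(url, proxy=None):
    """Address of the web server that ends up serving the request."""
    peer, raw = client_request(url, proxy)
    return peer if proxy is None else proxy_upstream(raw)

if __name__ == "__main__":
    url = "http://www.site.com/"
    print("direct      ->", origin_reached(url))
    print("via proxy   ->", origin_reached(url, PROXY_ADDR))
```
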

  3. #3
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    2

    Re: dns spoofing in proxy-server Environment ?

    Even I have a problem with ettercap... don't know if it's similar to this.

    Actually, I spoofed the DNS successfully for a while, but now I am not successful...

    I came to know that the victim is using Hide My IP... is this the reason behind it?
