ARP Cache Poisoning and DNS Spoofing
Hey everyone,
I've been lurking on this forum for a while now, and have successfully learned how to crack WEP networks using aircrack-ng. I have also successfully done session-sidejacking following a tutorial. I decided to look more into the commands I was typing so I could understand it better, and I came across arpspoof. I feel like I have a pretty good grasp on arp cache poisoning, thanks to this website. I started looking at the other tools in the dsniff package, and came across dnsspoof.
I tried to set up with a arp cache poisoning, as shown on the link provided, by redirecting the victims traffic through my computer. (arpspoof -i wlan0 -t 192.168.2.30 192.168.2.1 and back arpspoof -i wlan0 -t 192.168.2.1 192.168.2.30). I then tried to setup dnsspoof by setting up the hosts file as follows:
and then typed out dnsspoof -i wlan0 -f spoof.hosts host 192.168.2.30Code:127.0.0.1 *.google.com
My problem is that nothing seems to be happening. The arpspoof shows that traffic is flowing through my computer, but if I go onto the victim machine and type in Google, it actually goes to google.
What am I missing here? Do I need to use iptables for anything?
Thanks a lot,
-
Adam
Re: ARP Cache Poisoning and DNS Spoofing
At a quick glance, you seem to be doing everything right (since you are able to get (google.com), ill assume that forwarding in the kernel is enabled. Take a look my blog post here on dnsspoof, there are some other useful resources at the bottom that you can use for some more in-depth info.
Re: ARP Cache Poisoning and DNS Spoofing
Flush your victim computer's DNS cache.
Re: ARP Cache Poisoning and DNS Spoofing
Thanks for your suggestions. I set it up again and made sure to flush the DNS cache on the victim computer. No redirect is occurring, but dnsspoof writes out stuff like "192.168.2.8.62856 > 192.168.2.1.53: 43189+ A? mail.google.com".
I know that in ettercap it's supposed to be <website> A <ip>, but in manpages for dnsspoof it said it should be <ip> <website> in the hosts file. What could I be doing wrong?
Thanks,
-
Adam
Posting Permissions
