
Thread: ARP Cache Poisoning and DNS Spoofing

  1. #1
    Just burned his ISO
    Join Date
    Aug 2010
    Posts
    3

    ARP Cache Poisoning and DNS Spoofing

    Hey everyone,

    I've been lurking on this forum for a while now, and have successfully learned how to crack WEP networks using aircrack-ng. I have also successfully done session-sidejacking following a tutorial. I decided to look more into the commands I was typing so I could understand it better, and I came across arpspoof. I feel like I have a pretty good grasp on arp cache poisoning, thanks to this website. I started looking at the other tools in the dsniff package, and came across dnsspoof.

    I tried to set up an ARP cache poisoning, as shown on the link provided, by redirecting the victim's traffic through my computer (arpspoof -i wlan0 -t 192.168.2.30 192.168.2.1 and back arpspoof -i wlan0 -t 192.168.2.1 192.168.2.30). I then tried to set up dnsspoof by setting up the hosts file as follows:

    Code:
    127.0.0.1            *.google.com
    and then typed out dnsspoof -i wlan0 -f spoof.hosts host 192.168.2.30

    My problem is that nothing seems to be happening. The arpspoof shows that traffic is flowing through my computer, but if I go onto the victim machine and type in Google, it actually goes to Google.

    What am I missing here? Do I need to use iptables for anything?

    Thanks a lot,

    -
    Adam

  2. #2
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Re: ARP Cache Poisoning and DNS Spoofing

    At a quick glance, you seem to be doing everything right (since you are able to get google.com, I'll assume that forwarding in the kernel is enabled). Take a look at my blog post here on dnsspoof; there are some other useful resources at the bottom that you can use for some more in-depth info.

  3. #3
    Junior Member
    Join Date
    Apr 2010
    Location
    Sweden
    Posts
    35

    Re: ARP Cache Poisoning and DNS Spoofing

    Flush your victim computer's DNS cache.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2010
    Posts
    3

    Re: ARP Cache Poisoning and DNS Spoofing

    Thanks for your suggestions. I set it up again and made sure to flush the DNS cache on the victim computer. No redirect is occurring, but dnsspoof writes out stuff like "192.168.2.8.62856 > 192.168.2.1.53: 43189+ A? mail.google.com".
    I know that in ettercap it's supposed to be <website> A <ip>, but the man page for dnsspoof said it should be <ip> <website> in the hosts file. What could I be doing wrong?

    Thanks,

    -
    Adam
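
For the defensive side of the setup discussed in this thread, the following added example (not part of the original posts) compares two snapshots of a Linux ARP table for the traces ARP cache poisoning leaves on an affected host: the gateway's MAC changing, and one MAC answering for several IPs. The MAC addresses, the 192.168.2.50 host and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed /proc/net/arp snapshots from a host on the thread's 192.168.2.0/24
# network; the MAC addresses and the 192.168.2.50 host are made up for the example.
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.2.1      0x1         0x2         02:00:00:aa:bb:01     *        wlan0
192.168.2.50     0x1         0x2         02:00:00:aa:bb:50     *        wlan0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.2.1      0x1         0x2         02:00:00:AA:BB:50     *        wlan0
192.168.2.50     0x1         0x2         02:00:00:aa:bb:50     *        wlan0
192.168.2.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries in /proc/net/arp-formatted text."""
    table = {}
    for line in text.strip().splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if flags == "0x0" or mac == "00:00:00:00:00:00":
            continue                                # incomplete entry, no MAC learned
        table[ip] = mac
    return table

def find_poisoning(before, after, gateway):
    """Compare two {ip: mac} snapshots; return (kind, subject, detail) findings."""
    findings = []
    old, new = before.get(gateway), after.get(gateway)
    if old and new and old != new:                  # gateway now resolves elsewhere
        findings.append(("gateway_mac_changed", gateway, f"{old} -> {new}"))
    ips_by_mac = defaultdict(list)
    for ip, mac in after.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():             # one NIC answering for many IPs
        if len(ips) > 1:
            findings.append(("mac_shared", mac, ",".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in find_poisoning(parse_arp_table(BEFORE), parse_arp_table(AFTER),
                                  "192.168.2.1"):
        print(finding)
```

A shared MAC can also be legitimate (a router holding several addresses, proxy ARP), so a finding is a prompt to check rather than proof.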
