Backtrack 4 R2 (attacker)
dnsspoof ( from the dsniff suite)
WinXP SP2 with Firefox 3.6.12 (victim)

Let’s say we want to sniff a person’s facebook credentials and he is part of our LAN.
victim’s IP :
attacker’s IP :
We’re testing the S.E.T’s option Website Attack Vectors--> Credential Harvester Attack Method --> Site Cloner.
But instead of serving the address to the victim directly (for ex. saying to him while chatting “check this new stuff at”) we wanna make this more quietly with DNS spoofing. So if he visits he will be redirected to where the cloned facebook is.

We open a terminal and type the following:
cd /pentest/exploits/SET/
After updating the Metasploit Framework and the Social-Engineer Toolkit we take all the steps through S.E.T’s menu and we successfully clone the site:

We also create a plain text(we name it ‘facespoof’) with the line below in it to use it with dnsspoof. * <----this line tells that if someone wants to go
to send him to
So in a terminal we type:
dnsspoof -i eth0 -f /root/facespoof
and we get something like this:
dnsspoof: listening on eth0 [udp dst port 53 and not src]
So far so good…
But when the victim enters in his address bar” we get an error message “unable to connect”.
However when he enters” everything goes fine and our attack is successful.

Does anyone knows why is this happening?