Hello,

I've got a little problem with ettercap. I'll run BT5 and the target pc in virtual box, Network bridge adapter.
I'll try - for example - redirect the traffic on a network from pc A to microsoft.com redirect to linux.org.

In the /usr/share/ettercap/etter.dns file I'll have configured everything like this:
Code:
microsoft.com     A    194.78.225.186
*.microsoft.com   A    194.78.225.186
www.microsoft.com PTR  194.78.225.186
The IP-address is from another site, Ill know.

Then I'll go to Ettercap
Code:
root@bt:~# ettercap -G

Unified sniffing... => eth1 => OK
Plugins => Manage the plugins
Double click on dns_spoof => version 1.1

Hosts => Scan for hosts
Hosts list
IP Router => Add to Target 1
IP victem => Add to Target 2

Mitm => Arp poisoning...
Sniff remote connections => check => Ok

Start => Start sniffing
After that all, I'll go to the victem (windows 7) and go to the site from microsoft. The 1st time, he redirect me to the correct IP. The 2nd time I'll try this, he doesn't, and give the white screen: "page couldn't be loaded" or something like that. The address still stays the same of the one of microsoft.

Am I doing something wrong? Beceause, if this works, I'll will try to redirect "gmail.com" or something like that to my own Local IP.
This is just for testing on my own network.

The whole etter.dns -file:
Code:
############################################################################
#                                                                          #
#  ettercap -- etter.dns -- host file for dns_spoof plugin                 #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################
#                                                                          #
# Sample hosts file for dns_spoof plugin                                   #
#                                                                          #
# the format is (for A query):                                             #
#   www.myhostname.com A 168.11.22.33                                      #
#   *.foo.com          A 168.44.55.66                                      #
#                                                                          #
# or for PTR query:                                                        #
#   www.bar.com A 10.0.0.10                                                #
#                                                                          #
# or for MX query:                                                         #
#    domain.com MX xxx.xxx.xxx.xxx                                         #
#                                                                          #
# or for WINS query:                                                       #
#    workgroup WINS 127.0.0.1                                              #
#    PC*       WINS 127.0.0.1                                              #
#                                                                          #
# NOTE: the wildcarded hosts can't be used to poison the PTR requests      #
#       so if you want to reverse poison you have to specify a plain       #
#       host. (look at the www.microsoft.com example)                      #
#                                                                          #
############################################################################

################################
# microsoft sucks ;)
# redirect it to www.linux.org
#

#microsoft to hln.be
microsoft.com     A    194.78.225.186
*.microsoft.com   A    194.78.225.186
www.microsoft.com PTR  194.78.225.186

# microsoft.com      A   198.182.196.56
# *.microsoft.com    A   198.182.196.56
# www.microsoft.com  PTR 198.182.196.56      # Wildcards in PTR are not allowed

facebook.com      A   192.168.2.185
*.facebook..com   A   192.168.2.185
www.facebook.com  PTR 192.168.2.185 

##########################################
# no one out there can have our domains...
#

www.alor.org  A 127.0.0.1
www.naga.org  A 127.0.0.1

###############################################
# one day we will have our ettercap.org domain
#

www.ettercap.org           A  127.0.0.1
ettercap.sourceforge.net   A  216.136.171.201

###############################################
# some MX examples
#

alor.org   MX  127.0.0.1
naga.org   MX  127.0.0.1

###############################################
# This messes up NetBIOS clients using DNS
# resolutions. I.e. Windows/Samba file sharing.
#

LAB-PC*  WINS  127.0.0.1

# vim:ts=8:noexpandtab
Thanks for helping.