Thread: Dns Spoof Failure

  1. #1
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    4

    Dns Spoof Failure

    Hi all,

    I wanted to do a DNS spoof test using Ettercap and the dns_spoof plugin. Here are the steps I followed:

    A BackTrack 5 Gnome R2 connected wirelessly and a Windows XP SP3 connected wirelessly too.

    1) On BackTrack I edit the /usr/local/share/ettercap/etter.dns file to have these:

    www.google.com A 87.248.120.148

    On a terminal I type this and press enter (192.168.1.75 goes to Windows XP pc):

    ettercap -T -q -P dns_spoof -i wlan0 -M ARP /192.168.1.75/ //

    Then, before doing anything else, I execute this command:

    echo 1 > /proc/sys/net/ipv4/ip_forward

    After these, the target computer cannot browse anything and an error page always comes up.

    But in the terminal which I run ettercap I see this new line:

    dns_spoof: [www.google.com] spoofed to [87.248.120.148]

    Does anybody know what's the problem?

    Thank you in advance

  2. #2
    Good friend of the forums zimmaro
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Re: Dns Spoof Failure

    Hi,
    I think it is right!
    - If you turn ON your apache2 server (in BT) to see if the victim (XP) goes to "www.google.com", the traffic is redirected from your BackTrack apache server (/var/www/) [where maybe there could be whatever you want ... site clone ... etc.]

    PS: if the test is in the same LAN, I'd put in etter.dns the result of ifconfig of the BackTrack machine.

    Sorry for my English!
    bye

  3. #3
    Moderated Member
    Join Date
    Oct 2011
    Posts
    44

    Re: Dns Spoof Failure

    As the above comment mentions, MAKE SURE APACHE IS ON. If it is: 1.) have you edited your etter.dns file, as well as edited your etter.conf file, to make sure they are both set up correctly (sometimes your LAN IP changes and then it won't redirect to your page because it is trying to redirect to a page that is no longer there), 2.) after that, if you are testing on your own network (assumed), then make sure you don't have a filter for DNS turned on in your router/modem (for example, if I turn my filter on it will give me an error or just not load because it detects the redirection). I would also look at your script and make sure that the said IP that you used (192.168.1.75) is correct. You shouldn't need to use "echo 1 > /proc/sys/net/ipv4/ip_forward". 3.) have you updated ettercap? Are you running 7.3/7.4? Good luck XD

  4. #4
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Re: Dns Spoof Failure

    Check iptables or make sure firewall is off for testing purposes. Run wireshark for debugging. Wireshark should answer most of your questions.

  5. #5
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    4

    Re: Dns Spoof Failure

    I checked everything twice, but still I cannot spoof DNS. The victim couldn't browse anything except for my apache server! My router does not have a firewall or a DNS filter. My ettercap is version 7.3. I checked the etter.conf file but I didn't find anything to change.
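
Post #4 suggests inspecting the traffic. As an added example (not code from any poster in this thread), the Python below decodes the DNS response payloads a client received and lists A records that differ from a reference answer for the same name. The sample payloads, the 192.0.2.10 placeholder address and the REFERENCE mapping are constructed assumptions; only 87.248.120.148 comes from the thread.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                               # root label ends the name
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):
    """Return (qname, [A-record IPs]) for the UDP payload of a DNS response."""
    _txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question DNS response")
    qname, off = read_name(msg, 12)
    off += 4                                       # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record
            ips.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return qname, ips

def unexpected_answers(payloads, reference):
    """List (qname, ip) pairs whose IP is not in the reference set for a known name."""
    hits = []
    for p in payloads:
        qname, ips = parse_response(p)
        hits += [(qname, ip) for ip in ips if qname in reference and ip not in reference[qname]]
    return hits

# Constructed sample payloads: two responses for www.google.com, one TTL-60 A record each.
_HEAD = bytes.fromhex("1a2b81800001000100000000" "0377777706676f6f676c6503636f6d00"
                      "00010001" "c00c000100010000003c0004")
SAMPLES = [_HEAD + bytes([192, 0, 2, 10]),         # placeholder reference answer (TEST-NET-1)
           _HEAD + bytes([87, 248, 120, 148])]     # address from the thread's etter.dns line
REFERENCE = {"www.google.com": {"192.0.2.10"}}     # assumed: learned over a trusted path
print(unexpected_answers(SAMPLES, REFERENCE))
```

The payloads are the UDP data of each response, as exported from a capture; names absent from the reference mapping are skipped rather than flagged.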
