How To Do DNS Spoofing In Kali Linux Using Ettercap


Hello Readers!!!

This time I am going to show you how to do DNS
spoofing in Kali Linux using Ettercap.

Ettercap is a free and open source network
security tool for man-in-the-middle attacks
on LAN. It can be used for computer network
protocol analysis and security auditing. It
runs on various Unix-like operating systems
including Linux, Mac OS X, BSD and Solaris,
and on Microsoft Windows. It is capable of
intercepting traffic on a network segment,
capturing passwords, and conducting active
eavesdropping against a number of common
protocols.

1 - LAUNCH ETTERCAP
Open a root terminal and enter the command
ettercap -G to launch the graphical interface
of Ettercap.
Once Ettercap is open, select the 'Unified
Sniffing' option under the 'Sniff' menu.
Now, select your network interface and then
click 'OK'.
WiFi = wlan0, Ethernet = eth0. I am using WiFi,
so I will select wlan0 and click OK.
2 - TARGET HOSTS
Now it is time to target our hosts. To begin
this, select the "Scan for Hosts" option under
the "Hosts" menu, or just press Ctrl + S. It will
scan the hosts on your provided network
interface, and display how many were found in
the Logging box on the bottom. In my case,
4 hosts added to the hosts list...
Now, open the Hosts List by selecting Hosts
List under the "Hosts" menu, or just press H.
Next - Select the default gateway and click
"Add to Target 1." My default gateway is
192.168.1.1. After that, select the host of the
VICTIM who you are going to perform the
attack on. My victim will be my Galaxy Note 3
(connected to my wifi). This works for any
device on your network. Ok, so the IP address
of my victim host is 192.168.1.14. I will select
this host and then click "Add to Target 2."

Ok, now select Current Targets under the
Targets menu, or just press "T" on your
keyboard. It will now show you the current
targets. If you followed the last step correctly,
your default gateway will be on one side, and
victim host on the other.
ARP POISONING
First, I am going to show you how to ARP
poison. We do this for all of the other MITM
attacks. Ok, so once you have your targets,
simply select "Arp poisoning" off of the "Mitm"
menu. Next, select "Sniff remote connections"
and click OK.
Great, now we just need to do one more thing
to start the ARP poisoning. Select "Start
Sniffing" off of the "Sniff" menu, or you can
just use the shortcut: CTRL + W.
Now, you have ARP poisoned the victim! You
will now receive information as they log in to
sites. Example - I am going to log in to
Gmail.com on my phone and Ettercap
will show the login information in the logging
area. Now, as you see in the image below, we
have my username and password to HF :D. It
will sniff all logins.
The second Man in the Middle (MITM) attack
I'm going to show you is DNS SPOOFING.
Here is the definition of DNS Spoofing, taken
from Wikipedia.
DNS spoofing is a computer hacking attack,
whereby data is introduced into a Domain
Name System name server's cache database,
causing the name server to return an incorrect
IP address, diverting traffic to another
computer.
Basically, DNS spoofing is like this scenario:
the attacker does a DNS spoofing attack to replace
http://twitter.com with http://192.168.1.4
(THE ATTACKER'S TWITTER PHISHER). Having
done this, if the victim visits twitter.com, it
will show the ATTACKER'S phisher instead of
the real twitter.
Alright, so before we can DNS spoof, you need
to configure a file called etter.dns. In Kali
Linux, this file is located at
/usr/share/ettercap/etter.dns. If it is not, no
problem - you can find the file by running the
following command in a terminal:
locate etter.dns

Alright, now we will open etter.dns in any type
of text editor. I am just going to use nano, by
entering the following commands:
cd /usr/share/ettercap
nano etter.dns
Now, etter.dns will be open in nano terminal
text editor.
Take note that your etter.dns should be full of
text; mine isn't because I have done this
before. Next, delete all of the text in this file.
You can't do Ctrl + A in the terminal, so it might
be a little faster/easier to open this file in an
editor such as LeafPad, and edit it there.
Alright, now I have etter.dns open in nano
terminal text editor

Ok, so this file tells what we are going to DNS
spoof.

What we will do is enter the following:
twitter.com A 192.168.1.4
This will dns spoof twitter.com to 192.168.1.4
(which is going to be my credential harvester
for twitter).

If you wanted, you could enter multiple lines
like this:
twitter.com A 192.168.1.4
facebook.com A 74.125.225.41
myspace.com A 199.59.149.230
This would dns spoof twitter.com to
192.168.1.4, facebook.com to
74.125.225.41 (Google), and myspace.com to
199.59.149.230 (Twitter). Or, you could just
put an asterisk, which means it will spoof ALL
websites to your desired IP:
* A 192.168.1.4

I am just going to spoof Twitter for this
tutorial, so in etter.dns I am going to delete
everything and just enter twitter.com A
192.168.1.4. Save the file. If you're using
nano, you can save it by pressing Ctrl + X,
then Y, then press Enter.
Great, now etter.dns is ready. I spoofed twitter
to 192.168.1.4 which is going to be my
credential harvester.

To create a credential harvester, launch the
SET framework by entering the command:
se-toolkit. **If you wish to simply spoof it
to an IP other than your phisher then skip
this step :) **
Now, enter 1 for Social-Engineering Attacks.
Secondly, enter 2 for Website Attack Vectors.
Finally, enter 3 for Credential Harvester Attack
Method.
Alright, now enter 2 for site cloner.
Next, enter YOUR local IP (find it with
ifconfig). Mine is 192.168.1.4, so I'll enter
192.168.1.4.
Now, it wants you to enter the URL you wish
to clone. I am going to make a fake twitter, so
I enter http://www.twitter.com. Now we are
done with that part.
NOW, it is time to conduct the DNS SPOOFING
attack. Go back to ettercap and make sure you
are NOT ARP POISONING anymore (If you tried
that attack) by clicking "Stop Mitm Attacks"
under the Mitm menu.
Ok, now select "Manage the Plugins" under the
Plugins menu, or just press the shortcut
"CTRL + P".
Last but not least, click Start Sniffing under
the sniff menu, or just press ctrl + W (IF YOU
ARE NOT ALREADY SNIFFING)
Now, I will go to twitter.com on the victim
device, and it would take me to twitter.com -
BUT this is not the real twitter - it's the
attacker's fake twitter! If I were to log in, I'd
receive the credentials in the SET window.
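
A client or resolver log can catch the etter.dns entries described above,
because a public name suddenly resolves to a LAN address, and the asterisk
entry sends many unrelated domains to one IP. This is an added example, not
part of the original post; the answer records, the internal suffix list and
the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed (name, A record) pairs as a LAN client might log them.
# 192.168.1.4 is the page's spoof target; all other values are invented.
SAMPLE_ANSWERS = [
    ("twitter.com", "192.168.1.4"),
    ("printer.lan", "192.168.1.50"),
    ("example.org", "203.0.113.10"),
]
WILDCARD_ANSWERS = [
    ("twitter.com", "192.168.1.4"),
    ("www.example.org", "192.168.1.4"),
    ("example.net", "192.168.1.4"),
    ("example.com", "198.51.100.7"),
]
# Ranges that a public name should not resolve to (RFC 1918, loopback,
# link-local). Listed explicitly so the check does not depend on is_private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
INTERNAL_SUFFIXES = (".lan", ".local", ".home.arpa")  # assumed local zones


def is_internal_name(name):
    return name.lower().rstrip(".").endswith(INTERNAL_SUFFIXES)


def private_answers(answers):
    """Return answers that map a non-internal name to a local address."""
    hits = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in LOCAL_NETS) and not is_internal_name(name):
            hits.append((name, addr))
    return hits


def wildcard_suspects(answers, threshold=3):
    """Return addresses handed out for `threshold` or more distinct domains."""
    domains_by_ip = defaultdict(set)
    for name, addr in answers:
        # Crude registered-domain key: last two labels (assumption, no PSL).
        labels = name.lower().rstrip(".").split(".")
        domains_by_ip[addr].add(".".join(labels[-2:]))
    return {ip: sorted(d) for ip, d in domains_by_ip.items()
            if len(d) >= threshold}
```

Shared CDN addresses also trip the wildcard check, so treat a hit there as a
lead and weigh it together with the private-address result.
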
Also, you can use "Filters" on Ettercap (this is one of my favorites), which allow you to
apply custom filters to packets.

#AnonyMous_KnW
