Today we will learn DNS spoofing in our Kali Linux system with the help of Ettercap, and How to Use ettercap in Kali Linux? Before reading DNS spoofing we need a clear idea about DNS. DNS stands for Domain Name System. A Domain Name System or DNS server translates a readable domain name (such as google.com, nytimes.com) into a numerical IP address used to move connections between nodes.
As we know that all systems have a unique IP address, but it is very difficult to remember the IP address of many websites per person. So the domain name attached to the IP address. Reducing effort and improving DNS performance saves translation time for a limited amount of time called cache.
This means that if it receives another request for the same translation, it can play again without having to ask any other servers until the repository expires. DNS spoofing is an important part of login testing. This way the attacker can transfer the domain name to the wrong IP. This causes traffic to be transmitted to the attacker’s computer or any other system.
With the help of DNS spoofing the attacker can inject poison into the victim’s address-solving protocol, and this attack is very difficult to detect. Here in this tutorial we use Ettercap to spoof the DNS. Ettercap is the most popular and simple DNS spoofing tool.
What is DNS Spoofing?
DNS Spoofing (sometimes called DNS Cache Poisoning) is an attack where an unmanaged host manages the Domain Name Server (DNS) and all its applications. This means that the attacker can redirect all DNS requests, as well as all the traffic, to his (or her) machine, maliciously and possibly steal data. This is one of the most dangerous attacks as it is very difficult to detect, but today I will show you both how it is done and how you can see that it is being done by someone else in your network.
Let’s start by opening up Kali Linux, whether it’s a virtual machine (VM), a native boot, or a dual boot. If you do not already have Kali (which you should currently do, if you have been granted access to this website) go find it at the official website.
Make sure you have an active Internet connection before proceeding and make sure you are in the same network as your intended. This is a LAN (or WLAN) attack so both attacker and victim must have the same network gateway. Let me point out in advance that the victim can use any app, it does not matter.
Also Read : How To Install Kali Linux 2022 in Virtual Box
Step 1 – Configuring
You do not need Ettercap to be pre-installed with Kali Linux, before opening it we do some configuration. Now we need to edit the Ettercap configuration file as it is our preferred application today. Let’s navigate to /etc/ettercap/etter.conf and open the file with a text editor like leafpad and edit the file. We can use Terminal for that.
Now we scroll down to find Linux section. We just need to remove those # in order to run the commands. Then we save it and close it. See screenshot below:
Step 2 – Setup Server
Start Apache Server : Now we need to start Apache. Then we start our apache web server by following the command.
Let’s move to the default html page folder. This is where we can control what the victim sees when they are redirected. The site is /var/www/html where you will find the index.html page. You can change the document according to your needs and, if you think you have done enough stupid to the victim, you can save the page and the changes will take effect immediately. Let’s see here …
Then we get our local IP using the ifonfig command. When we open our localhost, it is the home page of the apache web server. We may place anything on our site, such as a phishing scam or any malicious web page. We are now changing the domain of facebook.com with our localhost. It means that if someone tries to open facebook.com on our network it will open our localhost page and not Facebook.
Step 3 – Configuring DNS
Now we need to set up another ettercap file called etter.dns
This etter.dns file is a host file and is responsible for redirecting certain DNS requests. Basically, if the target enters facebook.com they will be redirected to the Facebook website, but this file can change all that. That’s where the magic happens, so let’s plan it.
First, though, let me explain what can and should be done with the host file. So in a real-life situation, the attacker can use this opportunity to redirect traffic to his data smoker. This is done by starting the Apache server on the Kali machine and converting the default homepage into a clone, say facebook.com or chase.com so that when the victim visits those websites, after redirecting to the attacker machine they will see. clones of the areas mentioned above. This will probably trick the unsuspecting user into entering his credentials where they should not actually enter. Suffice it to say, let’s do it.
First, redirect traffic from any website you would like to go to on your Kali machine. Therefore, scroll down to the so-called “microsoft sucks;)” and add another similar line below it, but now use any website you like. Also, don’t forget to change the IP address to your IP address.
Then we scroll down and set our target. See the following screenshot:
We remove the highlighted link in the screenshot, and place the link we want to redirect, in our case it is facebook.com so we set it, and change the next line of sub-domains.
Then we will change those IPs with our local IP. Then we remove the third line. Configuration shown in the following screenshot:
Then we save the file and close it.
Step 4 – Ettercap
Now let’s run this show by opening Ettercap. You can do it in a disabled way using the launchpad or in a cool way using Terminal. I will teach you a cool way. Continue to open Terminal and type:
This will open the Graphical User Interface (GUI) mode for ettercap
Here we need to select our network interface. Then it will start unified sniffing. eth0
Now we choose our target. Before selecting a target we need to stop the combined smell. To do so, in the Top Left, Stop button click the “Stop Sniffing” button.
Now we want targeted scanning on our network and select one. To do this, go 3 dot Menu > Hosts> Scanner > Scan for Hosts unknowingly and wait for it to check. It should take a few seconds depending on the size of your network (which I think is not very large).
So we are dealing with scanning but how do we see our targets ? Well, 3 dot Menu > Hosts > Host list to see all of Ettercap’s has found.
Now what we want to do is add our victim machine to Target 1 and our port gateway to Target 2 but first we need to know both of their IP addresses. To find our victim’s IP address, we first need to know who they are attacking, and we can do so using a nmap to get the information we need on the target machine. Once you are sure who your victim is, select their IP address from the host list on Ettercap and select Add to Target 1. Now you need to find your gateway IP address (your route). To do this, open the Terminal and type ifconfig and check where it says Bcast: and that will tell you the IP address of your gateway. Alternatively, you can also use the route -n command. Now select the gateway IP from the host list and select Add to Target 2.
Step 5 – Action (Start Attack)
Now that we have both the Target set for our victim and the gate, we can move on to the attack.
Go to the top right MITM Menu > ARP Poisoning, choose Sniff remote connections and and press OK. Now go to 3 dot Menu > Plugins > Manage Plugins and double-click dns_spoof to open that plugin.
The last thing to do here is to start the attack. Go back to Ettercap and select Top Left Start > Start Sniffing and that’s what you should do.
Now every time a victim visits a web page you point to in the etter.dns file (mine is facebook.com) they will be redirected to the beautiful and invisible page above. You can see how extremely cruel this can be, as the attacker can write a script that downloads the requested page immediately and set the etter.dns file and listen to the login, all by default. This should really warn you that it is very easy to perform DNS Spoofing attacks with very few resources.
Now you know how DNS spoofing works and, most importantly, how to protect yourself from it. Being in the White Hats forum means learning not only the attacks but also their remedies. This is especially helpful in real life situations and I hope that if you put yourself in this kind of pile you will know how to avoid it.
I hope you enjoyed today’s lesson and hope you learned something from it. Any future teaching suggestions I would love to include. Soon I will be releasing something from the Online HacKing community so stay tuned.