Forum Thread: Arpspoof and Dnsspoof

Hi,

I'm trying dnsspoof but it's not working.

The arpspoof is ok :
arpspoof -t 192.168.1.1 192.168.1.116
arpspoof -t 192.168.1.116 192.168.1.1

On victim pc, both router and attacker ip shows MAC address of attacker.

If I do dnsspoof :
dnsspoof -f spoofhosts.txt -i ens33

Then, on victim pc, nslookup is not resolving :

nslookup example.com

I have to specify the attacker as the dns server :

nslookup example.com 192.168.1.129

Otherwise, it's using the dns server assigned to the victim's interface.

On attacker machine, ip forward is set to on.
echo 1 > /proc/sys/net/ipv4/ip_forward

What I should I do more so that this :
nslookup example.com

resolves using 192.168.1.129, instead of using the dns of the victim's interface ?

Never Miss a Hacking or Security Guide

Get new Null Byte guides every week.

5 Responses

Try useing ettercap or any other tool like mitmf
Look at github and search for mitm or man-in-the-middle

But the DNS server are external, like if it was 8.8.8.8.

Can we dns spoof even if using an external dns server ?

We can arpspoof victim and gateway, so that the attacker gets in the middle.

Then, if the victim's dns server is the same as the gateway, the attacker can use dnsspoof to forge packets accordingly.

But if the victim's dns is external (like 8.8.8.8), there's no possible way of spoofing him this way.

Am I right ?

Hey Guys,

How about using bettercap? You have to type 'sudo apt-get install bettercap' to install it. It also supports https.
If you want to mitm someone you simply have to type 'bettercap -T <Target> --proxy-https -P https' and that's it.
But don't forget to change the 0 in /proc/sys/net/ipv4/ip_forward to 1.

It's just a suggestion. Thanks.

The tool I use doesn't matter. I could have used ettercap, bettercap, dnschef, dnsmasq, dnsspoof with arpspoof etc...

Please read my post before. I think it's not possible because the victim's DNS is not the default gateway or another address part of the LAN. The dns is an external dns like 8.8.8.8.

I, the attacker, is in the middle with arpspoof.

If the dns was also 192.168.1.1 (like the default gateway), the dns spoof would work.

Please correct me if I'm wrong.

You might be right, Im bot sure I haven't use a mitm attack with a DNS.

Share Your Thoughts

  • Hot
  • Active