A domain name server translates a human readable domain name (such as example.com) into a numerical IP address that is used to route communications between the client and web server.
When a DNS server has received such non-authentic data and caches it for performance optimization, it is considered poisoned, supplying the non-authentic data to the clients of the server. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (often the attacker’s)
Any request made to www.microsoft.com will be redirected to our web server.
A change in the file “etter.dns” will be required as shown below:-
Modify the “A” & “PTR” record in the configuration file of etter.dns. Assuming that {192.168.2.115} Is the attacker’s ip.
Start the http server on the attacker’s machine by “appachectl start” the check on localhosts {127.0.0.1}
On search area “ethercap ap–g”—sniff menu— unified sniffing—select the interface— Go to hosts menu—scan for host—after scan completes—go to host list from hosts menu.
Select default gateway {192.168.2.1} as target 1 and victims {192.168.2.111} as target 2. Now go to plugin menu & choose ” dns_spoof”
Now select MTM menu—arp poisoning—a pop menu will appear select “sniff remote connection
Click-Start sniffing.
Incoming search terms:
- ettercap dns spoofdomain spoof script backtrackettercap: dns-poisoningdns spoofing with ettercapdns spoofing using backtrackdns spoofing through backtrackdns spoofing scripthow to get protected from dns spoofing by backtrackettercap dns spoof targetettercap dns spoofing script
