Intercept DNS query packet and send spoofed response after ARP poisoning

Question

On my network, I am able to perform ARP poisoning but only for a target machine not router. Therefore, I cannot spoof responses by intercepting router's packets and modifying them (http://lifeofpentester.blogspot.co.uk/2013/06/how-to-spoof-dns-in-kali-linux-facebook.html). What I can do though, is since all machine-router traffic is forwarded through me, I could intercept and never forward the DNS query packet to the router, and send a crafted response to the machine. Does that sound right and are there any particular Linux (Kali) tools to perform this attack?

P.S. I'm experimenting on my home network in educational purposes obviously. Ta.

score 4 · Accepted Answer · answered Oct 09 '15 at 14:22

4

You can do this using DNSchef. It is described here at the Kali Webpage. You can also find a useful documentation at the developers webpage.

When it gets more complex I suggest you to use configuration files instead of command line switches.

answered Oct 09 '15 at 14:22

davidb

4,285
3
19
31

Intercept DNS query packet and send spoofed response after ARP poisoning

1 Answers1