
I’ve tried to DNS spoof

```
dnsspoof -i eth0 -f spoofhosts.txt
```

(inside spoofhosts.txt there is my (the attacker's) local IP and the domain which I want to poison)

and I just keep receiving this:

```
dnsspoof: listening on eth0 [udp dst port 53 and not src 10.0.0.11]
10.0.0.3.58451 > 10.0.0.138.53: 60823+ A? urlblablabla.com
```

When I try to enter the URL in the hosts.txt from my other device that I attacked, the URL can’t be reached.

I have already done these steps:

```
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t //ATTACKED-IP// //Router//
arpspoof -i eth0 -t //Router// //ATTACKED-IP//
service apache2 start
```
MercyDude
  • In the first place, the `arpspoof -i eth0 -t ` is useless. `arpspoof -i eth0 -t ` is enough. We need to know exactly your dnsspoof command and your LAN IPs to understand what you are doing. I don't understand the `service apache2 start` command, I can't figure out why it is involved in this. We need more data. – OscarAkaElvis May 21 '17 at 19:43
  • @OscarAkaElvis ok, my dnsspoof command is: dnsspoof -i eth0 -f spoofhosts.txt (inside spoofhosts.txt there is my (the attacker's) local IP and the domain which I want to poison), and my LAN IPs are starting from 10.0.0.0/24... I started apache because I wanted to redirect the victim to my var/www/html/index.html file – MercyDude May 22 '17 at 12:42

1 Answer

Now with your comment I can understand a little bit more.

You are doing arpspoof, ok, now the victim thinks you are the router... but to do DNS spoofing you need to be the DNS of the victim. Is the router (now you) the DNS for the victim? You didn't specify that, and it could be, for example, that the victim has internet DNS settings like Google DNS 8.8.8.8 or any ISP DNS. So maybe it is not working because the victim is not using the router as DNS.

With a MITM attack you can sniff because everything is passing through you... ok, the DNS requests are passing through you... you can see them... but you are doing nothing to spoof them because maybe those requests are not thrown to you and they are only passing through you.

So, check the DHCP of your network. What DNS is it giving to the clients? If it is not the same as the gateway, that's the reason it is not working for you.

If it is giving the same IP as the gateway for DNS, then you are supposedly doing it right... but if it is not working, be pretty sure you have all your iptables right.

OscarAkaElvis
  • Thanks, can you please explain to me how I can check if the iptables are "right"? – MercyDude May 22 '17 at 13:26
  • It's supposed that if you don't have "strange" rules, everything should work. Anyway, paste somewhere the output of your commands `iptables -L` and `iptables -t nat -L` to see if everything is normal – OscarAkaElvis May 22 '17 at 13:32
  • http://i.imgur.com/9ckgArP.png iptables -t and nat -L aren't working :\ – MercyDude May 22 '17 at 13:47
  • omg, read my comment. the command is `iptables -t nat -L`. You need all of the parameters... not only -t nat or only -L... you must have both! – OscarAkaElvis May 22 '17 at 13:56
  • my mistake sorry, so the output of the last command is: http://i.imgur.com/aJZpP6q.png – MercyDude May 22 '17 at 14:07
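
An added example, not part of the original thread: it parses the query lines that dnsspoof prints (format taken from the output in the question) and reports which resolver each client is actually asking, which is the check the answer describes. The gateway address passed in and the third sample line are assumptions, since the question does not state them.

```python
import ipaddress
import re

# Format of the query lines dnsspoof prints, as seen in the question:
#   <src-ip>.<src-port> > <dst-ip>.<dst-port>: <id>+ <type>? <name>
LINE_RE = re.compile(
    r"^(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<qid>\d+)\+? (?P<qtype>[A-Z]+)\? (?P<name>\S+)$"
)


def parse_query(line):
    """Return the fields of one query line, or None for other output."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    q = m.groupdict()
    for key in ("sport", "dport", "qid"):
        q[key] = int(q[key])
    return q


def resolver_report(lines, lan, gateway):
    """Map each client IP to the resolvers it queried and where they sit."""
    net = ipaddress.ip_network(lan)
    report = {}
    for line in lines:
        q = parse_query(line)
        if q is None or q["dport"] != 53:
            continue
        if q["dst"] == gateway:
            where = "gateway"
        elif ipaddress.ip_address(q["dst"]) in net:
            where = "other LAN host"
        else:
            where = "external resolver"
        report.setdefault(q["src"], {})[q["dst"]] = where
    return report


# The first two lines are from the question; the third is constructed.
SAMPLE = [
    "dnsspoof: listening on eth0 [udp dst port 53 and not src 10.0.0.11]",
    "10.0.0.3.58451 > 10.0.0.138.53: 60823+ A? urlblablabla.com",
    "10.0.0.7.40112 > 8.8.8.8.53: 1234+ A? example.org",
]

if __name__ == "__main__":
    # Assumption: 10.0.0.138 is the gateway; the question does not say so.
    report = resolver_report(SAMPLE, "10.0.0.0/24", "10.0.0.138")
    for client, seen in report.items():
        print(client, seen)
```

A client listed with an "external resolver" sends its queries to a server outside the LAN, so its resolver is not the gateway the DHCP check in the answer is about.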