The Hacker Recipes
GitHubTwitterExegolTools
Search
K
Links

DNS spoofing

Theory

DNS is not multicast or broadcast like LLMNR, NBT-NS or mDNS. In order to answer DNS requests, attacker first need to receive them. For instance, this can be achieved with ARP spoofing or DHCPv6 spoofing. DNS spoofing is basically setting up a DNS server and answering DNS queries obtained through man-in-the-middle technique.

Practice

Responder
dnschef
bettercap
Responder's (Python) DNS server feature can be used to answer DNS queries.
responder --interface "eth0"
responder -I "eth0"
dnschef (Python) can be used as a DNS server.
dnschef --fakeip 'Pentest_IP_Address' --interface 'Pentest_IP_Address' --port 53 --logfile dnschef.log
In order to spoof DNS requests, bettercap (Go) can be used. This tool can also be used for the first step of ARP spoofing or DHCPv6 spoofing.
set dns.spoof.domains $DOMAIN_FQDN
set dns.spoof.all true
dns.spoof on

Resources

Previous
ARP poisoning
Next
DHCP poisoning
Last modified 1yr ago