DNS spoofing

Theory

DNS is not multicast or broadcast like LLMNR, NBT-NS or mDNS. To answer DNS requests, an attacker first needs to receive them, which can be achieved with ARP spoofing or DHCPv6 spoofing, for instance. DNS spoofing essentially consists of setting up a DNS server and answering DNS queries obtained through a man-in-the-middle technique.

Practice

Responder's (Python) DNS server feature can be used to answer DNS queries.
responder --interface eth0
dnschef (Python) can be used as a DNS server.
dnschef --fakeip 'Pentest_IP_Address' --interface 'Pentest_IP_Address' --port 53 --logfile dnschef.log
In order to spoof DNS requests, bettercap (Go) can be used. This tool can also be used for the first step of ARP spoofing or DHCPv6 spoofing.
set dns.spoof.domains $DOMAIN_FQDN
set dns.spoof.all true
dns.spoof on
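From the detection side, a server that answers queries with one fake address (as with dnschef --fakeip above) leaves a recognizable trace in DNS logs: several unrelated external names resolving to the same private IP. The following is an added example, not part of the original page or of any of the tools; the log format, the INTERNAL_ZONES list, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL_ZONES = ("corp.example",)  # assumption: zones legitimately served with private IPs
MIN_NAMES = 3                       # assumption: distinct names per answer IP before alerting

# Constructed sample log, assumed format: "<time> <client> <qname> <type> <answer>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.21 files.corp.example A 10.0.0.5
2024-05-01T10:00:02 10.0.0.21 www.example.org A 93.184.216.34
2024-05-01T10:00:07 10.0.0.22 www.example.org A 10.0.0.66
2024-05-01T10:00:08 10.0.0.22 updates.example.net A 10.0.0.66
2024-05-01T10:00:09 10.0.0.23 mail.example.com A 10.0.0.66
2024-05-01T10:00:11 10.0.0.23 printer.corp.example A 10.0.0.9
"""

def is_internal(qname):
    """True if the name belongs to a zone expected to resolve to private addresses."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)

def find_suspect_answers(log_text, min_names=MIN_NAMES):
    """Return {answer_ip: sorted names} for private IPs answering many external names."""
    names_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            continue  # skip malformed lines and non-address records
        qname, answer = fields[2], fields[4]
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer field is not an IP address
        # External name answered with a private address: count it against that address.
        if ip.is_private and not is_internal(qname):
            names_by_ip[str(ip)].add(qname.rstrip(".").lower())
    return {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) >= min_names}

if __name__ == "__main__":
    for ip, names in find_suspect_answers(SAMPLE_LOG).items():
        print(f"ALERT {ip} answered for {len(names)} external names: {', '.join(names)}")
```

Legitimate split-horizon setups and captive portals can also return private addresses for external names, so INTERNAL_ZONES and the threshold need tuning per network.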

Resources

dns.spoof :: bettercap