What Is DNS Spoofing and How It Works

Hi, this is Shahid Malla. We have updated the old posts on our official website because we lost all of our website's data while we were in prison.

DNS spoofing is a way to redirect a visitor from the original website to your fake page.

Let me explain in simple words, so you can understand in one minute, what DNS spoofing is: it is a way to redirect a visitor from the original website to another website of your choosing. For example, if the original website is thehostz.com/login.php and you redirect the visitor to your own page, you can steal the victim's password.

Let's Test It

Step 1: Fire Up Kali.

Ready? Start up Kali and go to Applications -> Kali Linux -> Sniffing -> Network Sniffers, and finally, dnsspoof, as seen in the screenshot below.

Step 2: Open Dnsspoof

When you click on dnsspoof, the following terminal opens. Notice how simple the syntax is.

  • dnsspoof -i <interface> -f <hostsfile>

Step 3: Set Up for Sniffing

We will try to get a Windows 7 system on our network to redirect its bankofamerica.com navigation to our own website. Let's use Google Chrome, or any browser, to navigate there.

Step 4: Flush the DNS Cache

First, close the browser and type:

  • ipconfig /flushdns

Now we need to set our network card on our Kali server to promiscuous mode (she, your network card, will accept anyone’s packets).

  • ifconfig eth0 promisc

Now we need to kill the connection between the Windows 7 system and www.bankofamerica.com. This forces the Windows 7 machine user to re-authenticate.

  • tcpkill -9 host www.bankofamerica.com

After killing the www.bankofamerica.com connection, stop tcpkill with Ctrl+C.

Step 5: Create Hosts File

The hosts file in Linux acts like a static DNS. Here we will be using the hosts file to redirect that Windows 7 system's search for Bank of America to our website. Let's go to the /usr/local directory.

  • cd /usr/local

From there, let’s open the hosts file in any text editor. Kali doesn’t have kwrite that we had been using in BackTrack, but it does have a graphical VIM, or gvim, so let’s use that.

  • gvim hosts

Now that we have the hosts file open, we need to add the following line to it. Remember, the hosts file is simply mapping an IP address to a domain name, so we put our IP address in and map it to www.bankofamerica.com.

It’s important here to use the TAB key between the IP address and the domain. Spaces will be interpreted by the system to be part of the domain name.

Step 6: Create a New BOA Webpage

Before we go any further, we now need to turn off promiscuous mode on our network card (she decided to commit to you and only you).

  • ifconfig eth0 -promisc

Now we need to create a website that the user will be directed to when they type bankofamerica.com in the URL of their browser. Let’s create a simple webpage.

Now open the index.html.

  • gvim /var/www/index.html

This is what it looks like by default. We want to change it, put in the following HTML and save it.

<html>
<body>
<h1>This is the Fake Bank of America Web Site!</h1>
</body>
</html>

Of course, if you really wanted to pull off this hack, you would want to take the time to build a website that looks and acts just like the site you’re spoofing, but that is another tutorial entirely.

Step 7: Start the Apache Web Server

Now, start the web server built into Kali. This is Apache and the service is HTTP, so we go to Kali Linux -> System Services -> HTTP, and finally, apache2 start. This will start our web server on our Kali system hosting the fake Bank of America website.

Step 8: Start Dnsspoof

In our last step, we need to start dnsspoof and direct users to the entries in our "hosts" file first. Dnsspoof will intercept DNS queries and send them first to our hosts file before then sending them along to the DNS server. In this way, if we have any entry in our hosts file that the client is looking for, it will be directed as specified by our hosts file.

Remember, we mapped bankofamerica.com to our IP address so that they will go to OUR web server and see OUR website.

  • dnsspoof -f hosts

Step 9: Navigate to BOA from Windows 7

Now, from the Windows 7 system, type in the URL bankofamerica.com and it will pull up our fake website instead of the real Bank of America site.

Now, when anyone on the local area network attempts to navigate to the Bank of America website, they will instead come to our website!

As you can imagine, with dnsspoof in place, we can wreak all kinds of havoc on a LAN! For help, visit hackersthirdeye.com.
