DNS Spoofing: it’s a way to transfer visitor to your fake page from original website,
Here let me explain you in simple word that you can understand in one minutes what is dns spoofing, this is a way to redirect visitor from original website to other website depend on you where you want to send. for example the original website is thehostz.com/login.php and you transferred visitor to your page page in that case you ca steal password of victim
Step 1: Fire Up Kali.
Ready? up Kali and going to Applications -> Kali Linux -> Sniffing -> Network Sniffers, and finally, dnsspoof, as seen in the screenshot below.
Step 2: Open Dnsspoof
When you click on dns-spoof, the following terminal opens. Notice how simple the syntax is.
- dnsspoof -i <interface> -f <hostsfile>
Step 3: Set Up for Sniffing
We will trying to get a Windows 7 system on our network to redirect its bankofamerica.com navigation to our own website. Let’s use Google Chrome, or any browser, to navigate there.
Step 4: Flush the DNS Cache
First, close the browser and type:
- ipconfig /flushdns
Now we need to set our network card on our Kali server to promiscuous mode (she, your network card, will accept anyone’s packets).
- ifconfig eth0 promisc
Now we need to kill the connection between the Windows 7 system and [www.bankofamerica.com]. This forces the Windows 7 machine user to re-authenticate.
- tcpkill -9 host [www.bankamerica.com]
After killing www.bankofamerica.com, stop the tcpkill with a ctrl c.
Step 5: Create Hosts File
here we showed you how the hosts file in Linux acts like a static DNS. Here we will be using the hosts file to redirect that Windows 7 system’s search for Bank of America to our website. Let’s go to the /usr/local directory.
- cd /usr/local
From there, let’s open the hosts file in any text editor. Kali doesn’t have kwrite that we had been using in BackTrack, but it does have a graphical VIM, or gvim, so let’s use that.
- gvim hosts
Now that we have the hosts file open, we need to add the following line to it. Remember, the hosts file is simply mapping an IP address to a domain name, so we put our IP address in and map it to [www.bankofamerica.com].
- 192.168.1.101 www.bankofamerica.com
It’s important here to use the TAB key between the IP address and the domain. Spaces will be interpreted by the system to be part of the domain name.
Step 6: Create a New BOA Webpage
Before we go any further, we now need to turn off promiscuous mode on our network card (she decided to commit to you and only you).
- ifconfig eth0 -promisc
Now we need to create a website that the user will be directed to when they type bankofamerica.com in the URL of their browser. Let’s create a simple webpage.
Now open the index.html.
- gvim /var/www/index.html
<body> <h1>This is the Fake Bank of America Web Site! </h1>
Of course, if you really wanted to pull off this hack, you would want to take the time to build a website that looks and acts just like the site you’re spoofing, but that is another tutorial entirely.
Step 7: Start a the Apache Web Server
Now, start the web server built into Kali. This is Apache and the service is HTTP, so we go to Kali Linux -> System Services -> HTTP, and finally, apache2 start. This will start our web server on our Kali system hosting the fake Bank of America website.
Step 8: Start Dnsspoof
In our last step, we need to start dnsspoof and direct users to the entries in our “hosts” file first. Dnsspoof will intercept DNS queries and send them first to our hosts file before then sending them along to the DNS server. In this way, if we have any entry in our hosts file that the client is looking for, it will directed as specified by our hosts file.
Remember, we mapped bankofamerica.com to our IP address so that they will go to OUR web server and see OUR website.
- dnsspoof -f hosts
Step 9: Navigate to BOA from Windows 7
Now, from the Windows 7 system, type in the URL bankofamerica.com and it will pull up our fake website vs. the real Bank of America site.
As you can imagine, with dnsspoof in place, we can wreak all kinds of havoc on a LAN! for help hackersthirdeye.com