DNS Spoofing using BetterCap

DNS Spoofing refers to any attack that tries to change the DNS records returned to a querier to a response the attacker chooses. This can include some of the techniques described in DNS Hijacking, the use of cache poisoning, or some type of man-in-the-middle style attack. Sometimes, we use the terms DNS Hijacking and DNS Spoofing interchangeably.

We will be performing a MITM (man-in-the-middle) attack to carry out DNS spoofing.

Let us say we are on the same network (attacker and victim) and we need to spoof DNS, redirecting a domain to an attacker-controlled website.

Case: when the user tries to connect to the website www.ubuntu.com, they will be redirected to the website that is hosted on the attacker’s device.

Pre-Requisite

We need to know the attacker’s and victim’s IP addresses, along with the gateway IP address, to perform the attack.

In our case, we have an attacker’s machine with the IP address 192.168.29.129, along with the gateway IP address 192.168.29.2.

Note: IP addresses may vary from network to network.

Attacker’s IP config details:

Victim IP config details:

IP address of victim: 192.168.29.128

Website hosted by the attacker on his IP address:

The attacker needs to host a website to redirect the victim to. On a local network, the attacker could set this up using an Apache or XAMPP server.

In our case, the website which the attacker has set up on his IP looks somewhat like this:

Now let’s get the real thing done!!

Spoofing via Bettercap

BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

We can say it’s an advanced version of Ettercap.

Installation of Bettercap:

sudo apt-get install bettercap (Debian)

Working:

1. Let’s fire up the tool by entering bettercap in the terminal.

2. Bettercap has modules for different attacks. To see which of the modules are running, type the help command in bettercap.

Here we can see that the modules are not running. We will be using the dns.spoof module to perform the task.

To start/stop any module:

module name on/off

Here, we would be firing up the command dns.spoof on. Guess we have not set up the parameters for the same!

Let’s set up the parameters for DNS spoofing, i.e. the domains to spoof and the spoofed IP address. To do so, run the commands:

set dns.spoof.domains ubuntu.com

set dns.spoof.address 192.168.29.129

Once all the params are set, we are good to go!! We start the dns.spoof module using the dns.spoof on command.

This will spoof the domain with the IP address in the network. Thus, visiting the domain from within the network leads to the website hosted on the attacker’s IP.

Let’s try visiting the domain ubuntu.com from the victim machine or other endpoints, and we are redirected to the attacker’s website.
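From the defender's side, the redirect above leaves a clear artifact: a public name (ubuntu.com) resolving to a LAN address (192.168.29.129). The following is an added example, not part of the original post and not Bettercap code, that parses raw DNS responses and flags that pattern. The function names, the internal zone list and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            end = end or off + 2
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels).lower(), end or off + 1

def a_records(msg):
    """Return (qname, [IPv4Address, ...]) from one raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd != 1:
        raise ValueError("expected a response with exactly one question")
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            ips.append(ipaddress.IPv4Address(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return qname, ips

def flag_spoofed(msg, internal_zones=("lan", "local", "home.arpa")):
    """Flag answers that map a public name to a non-global address."""
    qname, ips = a_records(msg)
    if any(qname == z or qname.endswith("." + z) for z in internal_zones):
        return []                                 # split-horizon names may be private
    return [(qname, str(ip)) for ip in ips if not ip.is_global]

def build_response(qname, ip):
    """Constructed sample input: a minimal response with one A record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr

if __name__ == "__main__":
    for ip in ("192.168.29.129", "8.8.8.8"):      # page's lab address, then a public stand-in
        print(ip, flag_spoofed(build_response("ubuntu.com", ip)))
```

A spoofed answer that points at a public address passes this check, so pair it with a comparison against a resolver reached over an authenticated channel (DoT/DoH).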

Hacking Hacking!!


Just an another security nerd… CEH MASTER | PENTESTER

Vikas Sharma
