DNS Spoofing using BetterCap

DNS Spoofing refers to any attack that tries to change the DNS records returned to a querier to a response the attacker chooses. This can include some of the techniques described in DNS Hijacking, the use of cache poisoning, or some type of man-in-the-middle style attack. Sometimes, we use the term DNS Hijacking and DNS Spoofing interchangeably.

We would be performing MITM (Man in the middle)attack to perform DNS Spoofing

Let us say we are in the network (attacker and victim) and we need to spoof the DNS redirecting a domain to the attacker’s controlled website.

Case: When the user tries to connect to a website: www.ubuntu.com , will be redirected to the website that is hosted in attacker’s device


We need to know the attacker’s and victim IP address along with gateway ip address to perform the attack

In our case , we have an attacker’s machine with the IP address : along with gatewap IP address

Note: IP address may vary from network to network.

Attackers IP config details

Victim IP config details:

IP address of victim:

Website hosted by the attacker on his IP address:

Attackers need to host a website to redirect on malicious website. In local network attacker could set up using Apache or Xampp Server.

In our case the website which attacker has setup on his IP is somewhat like this:

Now lets get the real thing done!!

Spoofing via Bettercap

BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

We can say it’s an advanced version of Ethercap.

Installation of Bettercap:

sudo apt-get install bettercap (Debain)


1.Let’s fire up the tool by entering bettercap in the terminal

2. Bettercap has the module of different attack, to see which of the modules are running type help command in the bettercap.

Here we can see that modules are not running , we would be using dns.spoof module to perform the task.

To start/stop any module:

module name on/off

Here, we would be firing up the command dns.spoof on. Guess we havenot set up the parameter for the same!

Lets set up the parameter for dns spoofing i.e dns spoof domains and spoofed IP address. To do so , firing the commands:

set dns.spoof.domains ubuntu.com

set dns.spoof.address

Once all the params are set. We are good to go!! Thus starting dns.spoof caplets(modules) using dns.spoof on command

This will spoof the domain with the IP address in the network. Thus visiting the domain in the network would lead to the website hosted by attackers IP.

Lets try visiting the domain ubuntu.com from the victim machine or other endpoints and we are redirected to attackers website.

Hacking Hacking!!




Just an another security nerd… CEH MASTER | PENTESTER

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

BitBoost marketplace: a different paradigm for user data

Open Source Autonomy — A Security Threat or Shield?

The Weaknesses of MD5, SHA1 and SHA-256 — The Length Extension Attack

S-wallet — The Best Financial Aggregator

The Obligatory RSA Challenge — DawgCTF 2021

California Consumer Privacy Act: Get Up to Speed

CortexDAO (CXD) Listed on the MEXC Global Exchange

{UPDATE} انتقام السلاطين Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vikas Sharma

Vikas Sharma

Just an another security nerd… CEH MASTER | PENTESTER

More from Medium

OverTheWire:~$ Bandit Level 19 → 20

Hack The Box — Bike SP

OWASP Zed Attack Proxy Primer

TryHackMe Undercover Official Writeup