DNS Poisoning – Using Ettercap

Let’s do an exercise on DNS poisoning using the same tool, Ettercap.

DNS Poisoning is quite similar to ARP Poisoning. To initiate DNS poisoning, you have to start with
ARP poisoning, which we have already discussed in the previous chapter. We will use DNS spoof
plugin which is already there in Ettercap.

Step 1 − Open up the terminal and type “nano etter.dns”. This file contains all entries for DNS
addresses which is used by Ettercap to resolve the domain name addresses. In this file, we will add a
fake entry of “Facebook”. If someone wants to open Facebook, he will be redirected to another
website.

Step 2 − Now insert the entries under the words “Redirect it to www.linux.org”. See the following
example –

Step 3 − Now save this file and exit by saving the file. Use “ctrl+x” to save the file.

Step 4 − After this, the whole process is same to start ARP poisoning. After starting ARP poisoning,
click on “plugins” in the menu bar and select “dns_spoof” plugin.
Step 5 − After activating the DNS_spoof, you will see in the results that facebook.com will start
spoofed to Google IP whenever someone types it in his browser.

It means the user gets the Google page instead of facebook.com on their browser.

In this exercise, we saw how network traffic can be sniffed through different tools and methods.