DNS Spoofing attack
Spoofing attack is unlike sniffing
attack, there is a little difference between spoofing and sniffing.
Sniffing is an act to capture or view the incoming and outgoing packets
from the network while spoofing is an act to forging one's source
address. In spoofing attack an attacker make himself a source or desire
address. This is basically done by using some tricks.
Spoofing is so general word and it contains attack like DNS spoofing, IP spoofing and others.
DNS spoofing is an attack that can categorize under Man-In-The-Middle-Attack, beside DNS Spoofing MIMA contain:
- ARP poisoning
- Sessions hijacking
- SSL hijacking
- DNS Spoofing
Each
attack has its own importance but to be sure it is very difficult to
discuss all attacks in single article, I will post some more articles
related to MIMA.DNS
spoofing is an attack in which an attacker force victim to enter his
credential into a fake website, the term fake does not mean that the
website is a phishing page while. To understand DNS spoofing refer to
this pictures.
In
the normal communication a user send request to the real DNS server
while if an attacker spoof the DNS server than this attack is called
Man-In-The-Middle-Attack.
Now
the question is how to perform DNS spoofing attack, the term spoofing
is very similar with sniffing and the sniffing tools can used to perform
spoofing attack. For this article I will use ettercap.
What Is Ettercap?
According
to official website “Ettercap is a suite for man in the middle attacks
on LAN. It features sniffing of live connections, content filtering on
the fly and many other interesting tricks”.It is support cross operating system like it can run on Windows, Linux, BSD and MAC.
DNS Spoofing Tutorial With Ettercap-Backtrack5
If
you want to learn more background theory than you can ask question by
using comment box, now this section will teach you how to perform
Spoofing (Man-In-The-Middle-Attack) attack.
Requirement:
- An Operating system (Linux, Windows etc).
- Ettercap.
- SET(Social Engineering Toolkit).
I am using backtrack 5 for this tutorial you can use some other OS, social engineering toolkit is not a necessary part but as discussed before about SET tutorial for hacking windows by using fake IP so you can use Spoof your IP into a website. So this is little advance tutorial.
*************************************************************************************************************
*************************************************************************************************************
*************************************************************************************************************
Note : It is recommended to use DNS spoofing attack with Social Engineering Toolkit attack to make the job done effectively.
No comments:
Post a Comment