How I pranked my friend using DNS Spoofing?

Aditya Anand
Jul 20, 2018 · 5 min read

Now, who doesn’t love a great prank story? The whole idea of hacking started with pranksters trying crazy things and tinkering with stuff to get it to do odd things. This article is in that spirit: I pranked my friend using DNS spoofing.

DNS spoofing is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver’s cache, causing the name server to return an incorrect result record. This results in traffic being diverted to the attacker’s computer. (Source: Wikipedia)

The only requirement for this attack is that the target is on your network. My friend and I were using the same LAN connection. While he was busy watching a movie, I was preparing this trick for him. I booted up my Kali machine and began the process of DNS spoofing.

Let’s begin!

Figure out the IP address of your own machine and the interface via which you are connected to the internet.

Once you know the IP address of your own machine and the interface, find the gateway IP address.

Then scan for the systems on your network. This will help you find the device you want to target and its IP address.

Once the scan is complete, you will know the IP address of your victim.

Now type the following in the terminal.

gedit /etc/ettercap/etter.conf

This will open the configuration file of ettercap, the tool we will use to carry out the spoofing. Once the configuration file is open, change the values of ec_uid and ec_gid from their defaults to zero.

Once that is done, proceed further down to the iptables section. By default the redir_command_on and redir_command_off lines under iptables are commented out with a # symbol; remove the symbol to uncomment them.

After making the above changes, save and close the file. Fire up ettercap (GUI version), click Sniff, then Unified sniffing; a small box will pop up in which you choose your network interface.

As soon as you click “OK”, the sniffing process starts. Stop it for the time being.

Once you have done that, scan for hosts using ettercap; this option is under the “Hosts” tab. When the scan is complete, check the “Host List” to see the IP addresses ettercap found. Now we need to assign Target 1 and Target 2.

The IP address of the victim (the system we are attacking) is Target 1, whereas the IP address of the gateway router is Target 2. Once these are assigned, proceed to “ARP Poisoning” under the “Mitm” tab and select Sniff remote connections.

After completing the above steps, go to Plugins and double-click the “dns_spoof” plugin to activate it.

Now for the last and most important step. Here we set up the redirects: which websites should have their traffic sent to the page we have set up on our machine. Type the following in the terminal.

gedit /etc/ettercap/etter.dns

This lets us edit ettercap’s DNS table, re-routing traffic from the victim’s system to our locally hosted website. Here I added entries for facebook.com, *.facebook.com, twitter.com and more, all redirected to the page I am hosting on my machine.

Now that this is done, change the HTML in /var/www/html/index.html and insert whatever you like. After all this is completed, type the following in the terminal.

service apache2 start

As soon as the Apache service starts, go back to ettercap and start the sniffing process. The attack is now in place, and all the victim has to do is visit one of the websites you included in the DNS table.

Fooled ya!

Now, after my friend finished his movie and opened a website, the notice I had set up was there to greet him.

My friend was in deep shock for a few moments before realising that I had pulled a prank on him.

Moral

Attacks like this can be conducted on a bigger scale, and if carefully constructed they can be devastating: the spoofed page could be a banking website’s login page or the login page of your social networking accounts. Attackers can harvest your data by redirecting you to websites of their own.
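On the defensive side, here is an added example (not part of the original post) that audits DNS answers the way a network monitor might. The resolver data is constructed; the strong indicator it looks for is a public name resolving into private LAN address space, which is exactly what an etter.dns entry pointing at the attacker’s machine produces, while disagreement with an out-of-band resolver is treated only as a hint.

```python
import ipaddress

# Constructed sample: A-record answers seen from the LAN resolver the victim uses.
LAN_ANSWERS = {
    "facebook.com": "192.168.43.12",
    "www.facebook.com": "192.168.43.12",
    "twitter.com": "192.168.43.12",
    "example.org": "203.0.113.10",
    "printer.lan": "192.168.43.2",
}
# Constructed sample: the same names from a trusted resolver reached outside the LAN.
REFERENCE_ANSWERS = {
    "facebook.com": "203.0.113.20",
    "www.facebook.com": "203.0.113.20",
    "twitter.com": "203.0.113.30",
    "example.org": "203.0.113.10",
}

INTERNAL_SUFFIXES = (".lan", ".local", ".home", ".internal", ".localdomain")
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_internal_name(name: str) -> bool:
    # Single labels and local suffixes are expected to resolve to LAN addresses.
    n = name.lower().rstrip(".")
    return "." not in n or n.endswith(INTERNAL_SUFFIXES)

def is_lan_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_RANGES)

def audit(lan: dict, reference: dict) -> list:
    findings, sink = [], {}
    for name, addr in lan.items():
        # A public name answered with a LAN address: no legitimate resolver does
        # this, but an etter.dns entry pointing at the attacker's machine does.
        if not is_internal_name(name) and is_lan_address(addr):
            findings.append(("private-answer", name, addr))
            sink.setdefault(addr, []).append(name)
        # Disagreement with the out-of-band resolver is only a hint (CDNs vary).
        ref = reference.get(name)
        if ref is not None and ref != addr:
            findings.append(("mismatch", name, f"lan={addr} ref={ref}"))
    # Unrelated public names collapsing onto one LAN host is the spoofing signature.
    for addr, names in sink.items():
        if len(names) > 1:
            findings.append(("sinkhole", addr, ",".join(sorted(names))))
    return findings
```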

If you enjoyed it, please clap, and let’s collaborate. Get, Set, Hack!

Website : aditya12anand.com | Donate : paypal.me/aditya12anand

Telegram : https://t.me/aditya12anand

Twitter : twitter.com/aditya12anand

LinkedIn : linkedin.com/in/aditya12anand/

E-mail : aditya12anand@protonmail.com

P.S. This attack didn’t work on HTTPS websites, due to the lack of a proper certificate. It threw a certificate error. I am sure there is a way around it; I am just trying to figure out how. Do share it if you know how to bypass this.
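Why the HTTPS sites showed an error: before trusting a server, the browser checks that the certificate chains to a trusted CA and that one of the certificate’s DNS names covers the host it asked for, and a self-signed certificate on the prank machine satisfies neither for www.facebook.com. The following added example (not from the original post) implements that name check with the usual wildcard rules; the certificate name prank.lan and the whole scenario are constructed.

```python
import ssl

def hostname_matches(requested: str, cert_dns_names: list) -> bool:
    """Decide whether a certificate's DNS names cover the requested host, the
    way a browser does before trusting an HTTPS server: an exact
    (case-insensitive) match, or a wildcard that sits alone in the leftmost
    label and stands in for exactly one label. "*.facebook.com" therefore
    covers "www.facebook.com" but not "facebook.com" or "a.b.facebook.com",
    and a bare "*.com" is never accepted."""
    host = requested.lower().rstrip(".")
    for name in cert_dns_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*.") and "*" not in pattern[2:]:
            suffix = pattern[1:]                  # ".facebook.com"
            if suffix.count(".") < 2:             # "*.com" style: rejected
                continue
            if host.endswith(suffix):
                left = host[: -len(suffix)]       # the part the "*" must cover
                if left and "." not in left:
                    return True
    return False

def default_client_verifies() -> bool:
    """Python's stock TLS client context, like a browser, both requires a
    certificate chaining to a trusted CA and enforces the hostname check."""
    ctx = ssl.create_default_context()
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED

# Constructed scenario: the prank web server presents a self-signed certificate
# issued for the hypothetical name "prank.lan", while the victim's browser,
# having been told www.facebook.com lives on the LAN, asks for www.facebook.com.
PRANK_CERT_NAMES = ["prank.lan"]

def prank_server_passes_hostname_check() -> bool:
    return hostname_matches("www.facebook.com", PRANK_CERT_NAMES)   # False
```

Even if the name check were somehow satisfied, the self-signed certificate still fails the chain check, which is the second half of what the browser enforces.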
