DNS Spoofing using Ettercap

DNS spoofing is an attack in which the attacker poisons the ARP cache and DNS server of the victim and redirects the victim's requested URL to a malicious website. For more details about DNS spoofing, see the Wikipedia article.
As I mentioned in my last post, Ettercap is a suite for man-in-the-middle (MITM) attacks on the local LAN. It has several features, such as ARP spoofing, DNS spoofing and many more.
We will customize our DNS spoofing configuration file:
/usr/local/share/ettercap/etter.dns

Here I am changing the IP address of microsoft.com to my server. (To run a server on BackTrack, type "apache2ctl start" without quotes; run your own server before doing the DNS spoofing.)
Open Ettercap using the command "ettercap -G" without quotes.

Click on sniff -> unified sniffing and then select your interface.

Click on plugins -> manage plugin and then double-click on dns_spoof.

Click on Hosts->scan for host (you will get a list of the available hosts in the network).
Select the default gateway as target 1 and the victim's IP as target 2.
Select Mitm->Arp poisoning; a window will pop up, in which you tick "sniff remote connections".

Finally, click on Start->start sniffing.

Now open the victim's machine and type www.microsoft.com; the victim will be redirected to the malicious website.
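
Seen from the victim's side, the ARP poisoning step above leaves a recognisable trace: the gateway's IP starts resolving to a MAC address that another host on the LAN also uses. The following is an added example (not from the original post) that checks Linux `ip neigh show` output for that trace; the two neighbour tables, all addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from one host: a baseline and a later snapshot.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
"""
DURING = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.40 dev eth0 lladdr 08:00:27:11:22:33 STALE
192.168.1.77 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # unresolved entries (FAILED/INCOMPLETE) carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def shared_macs(table):
    """MACs claimed by more than one IP, the usual footprint of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(baseline, current, gateway_ip):
    """Return findings about the gateway's ARP entry, empty if it looks normal."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    for mac, ips in shared_macs(current).items():
        if gateway_ip in ips:
            others = [ip for ip in ips if ip != gateway_ip]
            findings.append(f"gateway MAC {mac} also claimed by {', '.join(others)}")
    return findings

if __name__ == "__main__":
    for finding in check_gateway(parse_neigh(BEFORE), parse_neigh(DURING), "192.168.1.1"):
        print("ALERT:", finding)
```

A shared MAC is not always hostile (a router with several addresses or proxy ARP produces the same pattern), so treat a finding as a prompt to verify the gateway's real MAC.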