A couple of days ago I showed you how to spy on other users on your LAN using arpspoof well this builds on that topic and puts you in the drivers seat. We’re going to use dnsspoof another tool in the dsniff suite. dnsspoof is a tool that allows you to pretend to be a users DNS server and basically reply to their DNS requests with whatever you like. For example if they try to go to www.netscape.com you could redirect to www.digg.com
Needless to say you can have a lot of fun with this tool.
So the first thing we need to do is creat a hosts file for dnsspoof. The hosts file will define all the hosts or DNS records we want to forge. So continuing with my Netscape/Dig example we’ll need the IP address of the server Digg.com is hosted at. To get this we can run the following command from a command prompt.
digg.com has address 126.96.36.199
digg.com mail is handled by 0 mail.digg.com.
So this tells us Digg.com is hosted at the ip 188.8.131.52
So we need to create a host file to define this redirection now.
Open up a file in your favorite text editor and make it look like the example below.
Now what we’ve defined here is that anytime dnsspoof sees a request for anything.netscape.com (eg www.netscape.com, mail.netscape.com, etc) we’re going to send a DNS reply pointing to the IP address 184.108.40.206 instead of the real IP address.
So lets save this file as host.txt. Make sure it’s somewhere you can find it.
Now we need to open up a command prompt window and start ARP Spoofing (See This post). Once we’re started with that we can start dnsspoof with the following command
sudo dnsspoof -f ./host.txt
And you should see output like below
dnsspoof: listening on en0 [udp dst port 53 and not src your.pc.s.ip]
Now just sit back and wait for your mark to start browsing and you should see the DNS requests scroll by in your command prompt. And despite all their trying they simply won’t be able to get to www.netscape.com. There are actually a lot of more legitimate uses for this tool. I know some people who use it to block questionable content or advertising on their LAN.
As always let me know if you have any questions or comments in the comments of this post.