Spoofing attack is unlike sniffing attack,
there is a little difference between spoofing and sniffing. Sniffing is
an act to capture or view the incoming and outgoing packets from the
network while spoofing is an act to forging one's source address. In
spoofing attack an attacker make himself a source or desire address.
This is basically done by using some tricks.
Spoofing is so general word and it contains attack like DNS spoofing, IP spoofing and others.
What Is DNS Spoofing?
DNS spoofing is an attack that can categorize under Man-In-The-Middle-Attack, beside DNS Spoofing MIMA contain:
- ARP poisoning
- Sessions hijacking
- SSL hijacking
- DNS Spoofing
Each attack has its
own importance but to be sure it is very difficult to discuss all
attacks in single article, I will post some more articles related to
MIMA.
DNS spoofing is an
attack in which an attacker force victim to enter his credential into a
fake website, the term fake does not mean that the website is a phishing
page while. To understand DNS spoofing refer to this pictures.
In the normal
communication a user send request to the real DNS server while if an
attacker spoof the DNS server than this attack is called
Man-In-The-Middle-Attack.
Now the question is
how to perform DNS spoofing attack, the term spoofing is very similar
with sniffing and the sniffing tools can used to perform spoofing
attack. For this article I will use ettercap.
What Is Ettercap?
According to official
website “Ettercap is a suite for man in the middle attacks on LAN. It
features sniffing of live connections, content filtering on the fly and
many other interesting tricks”.
DNS Spoofing Tutorial With Ettercap-Backtrack5
If you want to learn
more background theory than you can ask question by using comment box,
now this section will teach you how to perform Spoofing
(Man-In-The-Middle-Attack) attack.
Requirement:
- An Operating system (Linux, Windows etc)
- Ettercap
- SET
I am using backtrack 5 for
this tutorial you can use some other OS, social engineering toolkit is
not a necessary part but as discussed before about SET tutorial for
hacking windows by using fake IP so you can use Spoof your IP into a
website. So this is little advance tutorial.
It is recommended to use DNS spoofing attack with Social engineering toolkit attack to make the job done effectively. :)
