Menu
 
» » » » » How to spoof DNS using Cain and Abel

A+ A-
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants. For example, http://www.example.com translates to 208.77.188.166.

You can download Cain and Able from here !

What does poisoning the DNS allow us to do ?

It allows us to redirect the traffic to another website.
First This is the structure of the network :

DNS-SPOOF

1 , 2 and 3 are computers
1 is the computer being the gateway (could be a router) (172.128.254.1)
2 is the target computer (172.128.254.10)
3 is the attacker using cain 
Note : IPs are just used for this tutorial and chosen randomly. 
Our work is on computer number 3 :
1-After you install cain , open it and go to the sniffer tab
2-Click on configure and choose your adapter

DNS-SPOOF

3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)
4-Right click in the empty area and choose scan MAC addresses. We get the results above.
5-Click on the APR Tab
 
DNS-SPOOF

6-Click on the + sign in the toolbar to add a new ARP poison routing

DNS-SPOOF

7-choose the gateway which is 172.128.254.1 , in the next list you’ll get the IP of the computer 2 which is 172.128.254.10 and click ok 

DNS-SPOOF

8-now click on the APR-DNS tab

DNS-SPOOF

9-click on the + sign 

10-enter the web address that you want to spoof , (in this case when the user goes to facebook he’ll be redirected to myspace) click on resolve type the web address that you want to redirect the user to it, and click ok, and you’ll get the IP of the web address, then click ok

DNS-SPOOF 

you'll get something like this:

DNS-SPOOF

11-now to make this work we have to enable APR poisoning , click on the icon next to the sniffer icon, and everything should work as we expect.

Now the computer 2 will get the routes poisoned and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com
Imagine what you can do with this technique.


THANKS FOR VISITING OUR BLOG!
Posted by
Catagory , , ,

Share to:

at 03:15

Post a Comment

  1. Anonymous10 May 2014 at 11:34

    This is an accurate write up. It would be useful to know how to get around browser security, because that will put an end to the fun.
    Tried this in the benchlab the other day and explorer blocked the Cain's self-signed certs.
    Otherwise it would've been :>)

    ReplyDelete

Subscribe to: Post Comments (Atom)
 
Top