Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Ettercap issue #1018

Closed hiishaam closed 4 years ago

hiishaam commented 4 years ago

Hi,

I installed Kali Linux 2020. When I use ettercap, I configure etter.config under iptables and removed the hashes and saved it because I want to make a DNS spoofing lab using ettercap.

Then when I open it, select my wifi card and start sniffing, the program crashes.

I reconfigured the etter.conf to original, then it works fine.

How can I solve the issue here? I have to remove the iptables hashes in order to make the spoof work. Thanks

koeppea commented 4 years ago

If I were to make an educated guess, I would bet you have forgotten to remove the hash from the redir6_command_on and redir6_command_off lines.

However, this enables the possibility to intercept an SSL encrypted communication. This is not required for DNS spoofing.

So to do DNS spoofing, you don’t need to uncomment the iptables commands, even though quite some YouTube videos show this.

But as I said, you just need to get in the middle between the client and the DNS server with either ARP or NDP poisoning and enable the dns_spoof plugin.

It helps when you know what IP the client uses for DNS.

hiishaam commented 4 years ago

I tried without removing the hashes, I still cannot intercept the connection.

I put the victim as target 1 and the gateway as target 2, then I activated ARP poisoning, then I activated the dns spoof plugin, then I added an entry in the etter.dns file and saved it, then I started the spoofing, but it is not working.

Can you help me with my issue?

koeppea commented 4 years ago

  1. Which DNS server IP is the victim using? Type ‘nslookup’ in a command prompt. There you see which IP the client is using. Paste the IP here.
  2. Windows clients use local DNS caching by default. Clear the cache using ‘ipconfig -flushdns’ before you try resolving the name.
  3. Check on low level first to see if the spoofing works using ‘ping ’ on the victim.

hiishaam commented 4 years ago

Victim IP: 192.168.8.108/24, my IP: 192.168.8.105/24, default gateway IP: 192.168.8.1

For DNS, we all in the network use the gateway as DNS.

Also, ping works between the PCs.

By the way, my scenario is that I have an iPhone and a PC. When the iPhone gets to a page like Facebook.com, it shows another web page that has words like “spoofing works”, which is this page on my Linux PC.

koeppea commented 4 years ago

Is victim == iPhone?

Have you already checked out a video that I made some time ago but which is still relevant: https://www.youtube.com/watch?v=_rYthjO5uWU

Nowadays it's quite common that home networks are equipped with an IPv6 prefix in parallel to the traditional IPv4 address. This has to be taken into account when messing with IP based MITM, as the underlying mechanics are relevant to whether your attack scenario works or fails. The video explains these mechanics and how they can be controlled.
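
Added example, not part of the thread and not Ettercap code: seen from the defender's side, the ARP or NDP poisoning discussed above shows up in a host's neighbor table as the gateway/DNS address suddenly resolving to a different MAC, usually one that another host already uses. The sketch below checks `ip neigh show` output for that; the IP addresses are the ones given in the thread, while the MAC addresses, the interface name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One `ip neigh show` line; entries with no lladdr (FAILED/INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for every resolved IPv4/IPv6 neighbor entry."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_poisoning(baseline, current, watched):
    """Flag watched IPs whose MAC changed or is shared with another host."""
    by_mac = defaultdict(set)
    for ip, mac in current.items():
        by_mac[mac].add(ip)
    findings = []
    for ip in watched:
        mac = current.get(ip)
        if mac is None:
            continue
        if ip in baseline and baseline[ip] != mac:
            findings.append((ip, "mac_changed", baseline[ip], mac))
        others = sorted(by_mac[mac] - {ip})
        if others:
            findings.append((ip, "mac_shared", mac, ",".join(others)))
    return findings

# Constructed sample data: addresses from the thread, MACs invented.
BASELINE = """\
192.168.8.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.8.105 dev wlan0 lladdr 02:00:00:00:00:69 STALE
192.168.8.77 dev wlan0 FAILED
"""
CURRENT = """\
192.168.8.1 dev wlan0 lladdr 02:00:00:00:00:69 REACHABLE
192.168.8.105 dev wlan0 lladdr 02:00:00:00:00:69 REACHABLE
"""

if __name__ == "__main__":
    for finding in find_poisoning(parse_neigh(BASELINE), parse_neigh(CURRENT),
                                  watched=["192.168.8.1"]):
        print(finding)
```

A router's own IPv4 and IPv6 link-local addresses legitimately share one MAC, so a `mac_shared` finding is a lead to check against known hosts, while `mac_changed` on the gateway or resolver is the stronger signal.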

hiishaam commented 4 years ago

Thanks koeppea. Now when I ping from the victim it shows me my IP. Just one last question: how do I make my victim open a webpage that I made after the spoofing?

After I successfully spoofed the website, I still cannot open the spoofed webpage that I made from the victim site. I made it in var/www/html/index.html, then I started apache2, but the page isn’t opening.

koeppea commented 4 years ago

Sorry, but I cannot explain the overall setup you're working on. I can help you with defects in ettercap. However, once it successfully spoofs the DNS reply, it's working from my perspective. As I said, there are a lot of things that need to be considered. And in today's networks it's not that easy to spoof a client to another website.

koeppea commented 4 years ago

Is the DNS reply being spoofed? Otherwise, we have to get deeper into Ettercap troubleshooting: Wiki: providing debug information

hiishaam commented 4 years ago

I’ll check again and reply back. Thank you

hiishaam commented 4 years ago

OK, now when I ping the spoofed site from the victim it replies with my machine IP, so I guess the spoofing works.

The problem is that when I tried to access the spoofed site from IE, from either the local or the victim machine, it doesn't open the spoofed page (Cannot connect to the site), but if I opened the page on the victim using my local IP it opened correctly, so I guess the problem is with the apache2 server on my Kali.

Would you help me with that please?

koeppea commented 4 years ago

When I'm online, I'm hanging out in our IRC channel #ettercap-project on Freenode. Try to catch me there. My nick is format_c. You can also write me an e-mail to find a suitable time to meet in the IRC channel. You can find my e-mail address behind this URL when you append .patch to the URL.

I'm closing the issue since dns_spoof plugin is apparently working.