search

Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0
2.29k stars 488 forks source link

DNS spoofing not work for all sites #1156

Open PillMagic opened 2 years ago

PillMagic commented 2 years ago

DNS spoofing is working only for certain sites. I have this etter.dns: *.google.com A 192.168.0.1 *.google.co A 192.168.0.1 google.com A 192.168.0.1

microsoft.com A 192.168.0.1 *.microsoft.com A 192.168.0.1

It works only for google.com, however for microsoft.com it dont work(the site cant be reached). it logs ettercap write: dns_spoof: A [www.microsoft.com] spoofed to [192.168.0.1] TTL [3600s]. It dont work also for facebook and youtube.

wireshark dns query and responce: standart query 0x349d A c.s-microsoft.com standart query responce 0x349d A c.s-microsoft.com A 192.168.0.1 Why?

koeppea commented 2 years ago

DNS spoofing is best tested using a pure DNS client like nslookup. Please test again using a pure DNS client.

You can also test including upper layers by using a non-Microsoft victim machine or another browser.