Ettercap / ettercap

Ettercap Project
http://www.ettercap-project.org
GNU General Public License v2.0

Does Plugin dns_spoof work in bridge mode? #774

Closed hmn91 closed 7 years ago

hmn91 commented 7 years ago

Hi guys, I am trying to run the dns_spoof plugin in ettercap bridge mode. Here is my command:

    ettercap -TqS -i eth0 -B eth1 -P dns_spoof

and my etter.dns looks like this:

    example.com A 1.2.3.4

eth0 connects to the internet and eth1 is connected to the victim; 1.2.3.4 is my VPS IP address. Now I browse example.com from the victim machine, and it cannot connect to my VPS. I have captured data using Wireshark on the victim machine and see no DNS reply. I nslookup it and get a timeout. So does dns_spoof work in bridge mode? Am I missing any config?

hmn91 commented 7 years ago

As I try in bridge mode, the victim machine and attacker machine cannot connect to each other. For example, if the attacker machine runs a local website, the victim cannot connect to it, and vice versa. In dns_spoof, I think it drops the query and creates a response itself. But because it cannot connect to the victim machine, the response cannot be sent. Am I right?

koeppea commented 7 years ago

Thanks. I've been able to reproduce the issue. Will look further into it.

koeppea commented 7 years ago

@hmn91 could you please test if the PR #775 helps? Thanks.

hmn91 commented 7 years ago

@koeppea The dns_spoof works well now. Thank you so much :). Can you also have a look at the problem I described above, where in bridge mode the attacker machine and victim machine cannot connect to each other? For more details, I have something like this:

    Computer A (eth0: 192.168.1.3) <-------> (eth1) Computer B (eth0: 192.168.1.2) <-------> Gateway

From computer A, I can access the Internet normally; every packet is forwarded well. But in case I want to access, for example, a web page on computer B from computer A, it fails. As I captured the packets, they go like this:

  1. A (192.168.1.3) sends a GET request to B (192.168.1.2)
  2. B receives the request on interface eth1
  3. B broadcasts an ARP request: Who has 192.168.1.3? on interface eth0

Now of course there is no reply to this ARP, so B does not know how to send data to A. As I check B's ARP table, it has 192.168.1.3 on eth1 but not on eth0. That's all the information I have till now. Please have a look :). Thanks.

koeppea commented 7 years ago

Good. Please open a new issue to keep these things separated. Also point out on which machine ettercap is running (A or B) and on which machine the webserver is running to be able to properly reproduce.

hmn91 commented 7 years ago

@koeppea I have created a new issue, please read here: https://github.com/Ettercap/ettercap/issues/776