Transferred from: http://www.cnblogs.com/hkleak/p/5043063.html
Note One: What is Ettercap?
We use the two tools of Cain and Netfuke when it comes to web security detection, and the functionality is believed to be known to a few friends, but these two tools run under Windows.
And Ettercap is running under Linux. In fact, the function is almost the same, I call it a sniffer tool, ARP spoofing, DNS, hijacking, intermediate attacks and so on. In short, this is a powerful security testing tool.
Note Two: DNS simple description
Learn what DNS is: Domain Name System (domain name systems: DNS) //Detailed information check Baidu
Learn what DNS spoofing is: An attacker (hacker) impersonating a domain name server to spoof a behavior //details of their own search Baidu
Understand how DNS works: If you can impersonate a domain name server and then set the IP address of the query as the IP address of the attacker,
In this way, users can only see the attacker's homepage on the internet, rather than the homepage of the site that the user wants to get, which is the basic principle of DNS spoofing. DNS spoofing is not really "black off" the other side of the site, but an imposter, bluff.
Note Three: Examples of DNS spoofing
(The story is purely fictitious):
It is a night black wind high night, but also windy, something lightning, this would like to be in a few plate of the masturbate, and make my mood is not good, so turn off the computer ready to sleep, but suddenly ah of a sound! Instantly pulled me back from the trap, in a careful listen ~ ~ ~
In the discovery is the next door hotel in love, the hell ~ ~ What do you do so loudly? How do you want me to sleep? , decided to start an invasion of the next computer ...
Preparatory work:
Next to the computer: 192.168.1.12 (the hotel is usually equipped with a Restore wizard so the computer is bare Ben (most do not install firewalls)) //victim Machine
Bring your Own notebook: 192.168.1.11 (Kali Linux system connected to the hotel's own room cable) //Intruder Machine
Gateway ip:192.168.1.1
Casing
How do I know the IP address of the computer next door?
First look at their own room number, such as 5-11 (if the 5 floor 11 rooms), in the room to see their own computer IP address, is generally 192.168.1.11
Then the next door to go out to see the house, (if it is 5-12), then the next-door IP address is 192.168.1.12 finally in Ping to explain the computer open, different, indicating that the computer is closed, or a firewall or something ...
This method is relatively dead? Of course, other methods are available, depending on your experience ...
First open the Ettercap DNS file for editing, and the file path under Kali linux2.0 is/etc/ettercap/etter.dns
Add the corresponding identity and IP address in the corresponding location * represents all domain names behind the IP address you want to spoof, here is of course my own host IP address
Then remember to save.
Then edit the/var/www/html/index.html file to your definition page here, I changed it.
Because behind we're going to start apache2 that is the Web server this is the home file, which is plainly intended to be successful after DNS spoofing
When the victim (next door Hotel two) visited the domain name to visit the site, the open page is the content of our home page file here .... Well edited---Remember to save
Now let's start the APACHE2 server (this machine as a server) by entering the command/etc/init.d/apache2 start to the terminal.
Enter the command ettercap-g to enter the Ettercap graphical interface. I like to use the graphical interface, maybe also windows play a lot of reasons, do not like Linux under the command line PS: Although looks very handsome look ...
Select NIC Unfied Sniffing---configuration
Nic Select Eth0 (depending on your computer's computer card)
Again to scan the gateway under the so-called computer host, came to the hosts option under the scan for hosts
Continue to select the hosts list to list the scanned host
You can see the list of all the machines, first select the gateway in the list to add, my gateway here is 192.18.1.1. Click Add to target 1
Here is the IP address of the victim (the sister in the next room ...). )
After you have configured it, continue clicking mitm>arp poisoning.
Select the first tick on OK
Configuration plugin Plugins>mangge the plugins
What we're going to do is DNS spoofing double-click Dns_spoof to see the hints below
Finally click Strat>start sniffing to start DNS spoofing so start working ....
Subsequent:
Next to the sister after the finished, ready to go to the computer QQ space, regardless of the opening of any site page has always been so ...
haha ~ ~ ~ story is purely fictitious ... This is the DNS spoofing, the article is here, to learn a lot ....
Ettercap DNS spoofing within LAN (next door buddy light ...)