Does Dnsspoof spoof DNS requests with the IP address of the local machine?

Asked by AndreaBailey in Cyber Security, asked on Apr 7, 2022

I want to spoof all DNS requests with the IP address of my local machine.


However, running dnsspoof, all clients receive the real IP address and not the fake IP address of my host. I know I can run dnsspoof using the -f option. But in this case, I just want to spoof all DNS requests with the same address of my local host.

Any ideas?

root@kali:~# dnsspoof -i wlan0

dnsspoof: listening on wlan0 [udp dst port 53 and not src 192.168.1.1]

192.168.1.106.51298 > 192.168.1.1.53:  21993+ A? api-glb-bln.smoot.apple.com

192.168.1.106.60866 > 192.168.1.1.53:  65045+ A? p09-keyvalueservice.fe.apple-dns.net

192.168.1.106.55219 > 192.168.1.1.53:  29989+ A? clients1.google.com

192.168.1.106.60383 > 192.168.1.1.53:  53500+ A? gateway.fe.apple-dns.net

192.168.1.106.58017 > 192.168.1.1.53:  51772+ A? tv2.dk

192.168.1.106.49725 > 192.168.1.1.53:  43764+ A? assets.adobedtm.com

192.168.1.106.49286 > 192.168.1.1.53:  39396+ A? shared.tv2.dk

192.168.1.106.59361 > 192.168.1.1.53:  45196+ A? tv2login.dk

192.168.1.106.59450 > 192.168.1.1.53:  61943+ A? platform.twitter.com

192.168.1.106.51695 > 192.168.1.1.53:  64740+ A? cdn.optimizely.com

192.168.1.106.62386 > 192.168.1.1.53:  2942+ A? static.chartbeat.com


Answered by Andrea Bailey

It seems that dnsspoof needs a hosts file in order to know what address to reply with for which hostnames. In your case, you want all requests to resolve to the same address. From the manpage of Dsniff dnsspoof:

  -f hosts file
      Specify the pathname of a file in hosts(5) format. Only one hostname allowed per line (no aliases), although hostnames may contain wildcards (such as *.doubleclick.net).

Note that hostnames in the hosts file can contain wildcards to match multiple names in a single line. We can use this to match all hostnames with a wildcard. Create a hosts file with the following line:

  192.168.1.1 *

This will result in matching all hostnames to your address, 192.168.1.1.

Note that even after doing this and running dnsspoof with the -f flag, you still may run into issues, as the real DNS reply may reach the victim before yours. Other answers may help with this issue. There are also other tools that may better suit your use case, such as DNSChef.
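
A detection-side view of the two behaviours discussed in this thread (a forged reply racing the real one, and a wildcard hosts entry answering every name with one address), as an added example that is not part of the original question or answer. The response tuples are constructed sample data, 192.168.1.50 is a made-up spoofing host, and the /24 LAN range is an assumption inferred from the addresses in the capture.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN range, inferred from the capture

# Constructed DNS responses as seen by a sensor: (client, txid, qname, answer).
# 192.168.1.50 is a made-up spoofing host; other answers use documentation ranges.
RESPONSES = [
    ("192.168.1.106", 21993, "api-glb-bln.smoot.apple.com", "192.168.1.50"),
    ("192.168.1.106", 21993, "api-glb-bln.smoot.apple.com", "203.0.113.10"),
    ("192.168.1.106", 29989, "clients1.google.com", "192.168.1.50"),
    ("192.168.1.106", 29989, "clients1.google.com", "198.51.100.14"),
    ("192.168.1.106", 51772, "tv2.dk", "192.168.1.50"),
    ("192.168.1.106", 64740, "cdn.optimizely.com", "203.0.113.57"),
]


def conflicting_replies(responses):
    """Queries answered more than once with different addresses (reply race)."""
    answers = defaultdict(set)
    for client, txid, qname, answer in responses:
        answers[(client, txid, qname.lower())].add(answer)
    return {q: sorted(ips) for q, ips in answers.items() if len(ips) > 1}


def wildcard_sinks(responses, min_names=3):
    """LAN addresses returned for min_names or more distinct names."""
    names = defaultdict(set)
    for _client, _txid, qname, answer in responses:
        if ip_address(answer) in LAN:
            names[answer].add(qname.lower())
    return {ip: sorted(n) for ip, n in names.items() if len(n) >= min_names}


if __name__ == "__main__":
    for (client, txid, qname), ips in conflicting_replies(RESPONSES).items():
        print(f"ALERT race: {client} id={txid} {qname} -> {ips}")
    for ip, qnames in wildcard_sinks(RESPONSES).items():
        print(f"ALERT wildcard: {len(qnames)} names resolve to {ip}")
```

Two different answers for one transaction ID and name indicate that a second party answered the query; many unrelated names resolving to a single LAN address is the footprint of a catch-all hosts entry.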


