
Need Better Dnsspoof



I have been trying to configure dnsspoof to provide one IP on a global wildcard and another for a specific domain.

I tried with a config of: * example.com

thinking it would fall through. After a bunch of testing and finding dnsspoof.c, it appears that a wildcard overwrites all.

I am not very well versed in C++, but I think a new dnsspoof is needed that will provide the IP for the first match only, enable blacklisting on IPs and MACs of clients (so you can still get online) and of domains.

What do you guys reckon? Am I missing something? Does a better dnsspoof already exist?

Here is the source I found:



That would be an interesting project, plus I don't think the current DNS-Spoofing utility does what you are after.


Would be interesting to see if you can assign IPs a "host file", as it were, that takes precedence over the standard. Something I will look into another time when it's not 2 am.

/etc/dsniff/dnsspoof.hosts --> Sample hosts file.[4] If no hostfile is specified, replies will be forged for all address queries on the LAN with an answer of the local machine’s IP address.

Never played with dns sniff, will in the morning, but perhaps there is a way to have multiple host files, and to specify specific clients' access via MAC or IP.

basic command

# dnsspoof -f spoofhosts.txt host and udp port 53

could you do something like

# dnsspoof -f 1.txt host (client 1 ip) and udp port 53

# dnsspoof -f 2.txt host (client 2 ip) and udp port 53

something like that?

I get the following from this article


which makes me think you could in theory craft multiple host files and manually assign to targets.

Edit: guess this post is more for Peter than OP lol, the question interested me and it's something I would want.

Edited by sober

I suppose I've gotten used to other tools which either:

Fall through a rule set until a match is found then quit, or

Go through the rules and apply the last one that matches.

Dnsspoof seems to do the latter (created multiple rules for the same domain, and the last IP was returned from nslookup against the pineapple); however, it also places global wildcards [*] at higher precedence than all other rules, meaning you cannot override a global wildcard.

The only method I've found so far to make it work is to make a wildcard for each TLD. They don't appear to take precedence over more specific rules then.

Edited by AussieKlutz
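The two evaluation orders described in the post above, plus the per-TLD workaround, modelled as an added example; this is not dnsspoof's code and not from any poster in the thread. The names `first_match` and `last_match`, the rule sets and the 192.0.2.x addresses are constructed for illustration, and POSIX `fnmatch` is an assumed stand-in for whatever wildcard matcher dnsspoof uses.

```c
/* Added example: models rule precedence only; not dnsspoof's code. */
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

struct rule {
    const char *pattern; /* glob pattern, e.g. "*.example.com" or "*" */
    const char *ip;      /* answer associated with the pattern */
};

/* First match wins: walk the rules in file order, stop at the first hit. */
const char *first_match(const struct rule *r, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (fnmatch(r[i].pattern, name, 0) == 0)
            return r[i].ip;
    return NULL; /* no rule applies */
}

/* Last match wins: every rule is tried, a later hit replaces an earlier one. */
const char *last_match(const struct rule *r, size_t n, const char *name)
{
    const char *hit = NULL;
    for (size_t i = 0; i < n; i++)
        if (fnmatch(r[i].pattern, name, 0) == 0)
            hit = r[i].ip;
    return hit;
}

/* Constructed rule sets; addresses are from the RFC 5737 documentation range. */
const struct rule specific_then_global[] = {
    { "*.example.com", "192.0.2.20" },
    { "*",             "192.0.2.10" },
};
const struct rule per_tld[] = {   /* per-TLD wildcards instead of a global "*" */
    { "*.com",         "192.0.2.10" },
    { "*.net",         "192.0.2.10" },
    { "*.example.com", "192.0.2.20" },
};

int main(void)
{
    const char *q = "www.example.com";
    printf("first-match, specific then *: %s\n", first_match(specific_then_global, 2, q));
    printf("last-match,  specific then *: %s\n", last_match(specific_then_global, 2, q));
    printf("last-match,  per-TLD rules:   %s\n", last_match(per_tld, 3, q));
    return 0;
}
```

Under first-match the specific rule placed above `*` wins; under last-match the same file lets the trailing `*` shadow it, so in this model the specific rule has to come last.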

Hmmm.... Try putting " *example.com" before " * "

It seems the first one overrules the second, this may solve your problem...

Should look like this *example.com *

See if that works... and if you want to add more exceptions then just put those before " * " as well.

Report back please :D

Edited by Neworld

#Neworld I have tried that one. If you write several rules that match your target domain, it is the last rule that returns... EXCEPT when you use a global wildcard. 1.com *.1.com *.com *.1.com 1.com

returns no matter what

leapole, that's a good workaround; however, I think I'll have a go at re-implementing dnsspoof anyway. I could add more functionality then.
