Jump to content

Backtrack 5 r3 spoofd DNS on wifi network and SET/ETTERCAP


Recommended Posts

Hello all,

I am having an issue with DNS spoofing in backtrack 5 r3 ove rmy wireless interface.

My attacking computer is a hp pavilion laptop with 2 gigs of ram, x64 processor, backtrack 5 r3, and my wireless card is a Atheros AR2425 with driver ath5k.

My victim computer is a windows 7 serv pack 1 box with kasperski antivirus (turned off) and firewall down.

I first modified my set_config file to set ETTERCAP=ON and the ETTERCAP_INTERFACE=wlan0.

I then ran SET and chose >Social-Engineering Attacks>Website Attack Vectors>Java Applet Attack Method>Site Cloner>Nat/protforwarding NO>Ip addy for reverse connection"">url to clone: http://www.google.com>Windows'>http://www.google.com>Windows Reverse_TCP Meterpreter>Backdoored Executable>Port 443>It tells me Arp Cache Poisoning is ON>Site to redirect: http://www.google.com>Says'>http://www.google.com>Says its launching attack,loads up metasploit and starts two listners.

At this point when I browse to http://www.google.com on my victim computer using ie it simply loads the real google website. Now if I type my subnet ip for the attackign computer SET is hosting the server on it will take me to the fake page and the java applet will appear and work when clicked.

My problem is it does not seem to be redirectiong traffic on my wifi network to the fake site when i try to go to the real one.

I have tried doing this the old way as well and turning off ETTERCAP inside the SET_config file. I then would launch my fake site in SET and then edit the ETTER.dns file wif the website connect info and my attacker ip. This did not work either.

I have also apt-get updated and upgraded backtrack, as well as msfupdate for metasploit and svn updates for set and ettercap.

What could I be missing about getting Ettercap to redirect my network traffic? Thank you for your help and let me know if there is any more information you need to help you trouble shoot this issue!

Link to comment
Share on other sites

  • 5 months later...

Hi Geoff, I'm having a similar problem, only I am using ettercap directly from the command line. It simply does not redirect any traffic, I noticed that the /usr/share/ettercap/etter.dns file does not exist to begin with and I had to create it. not sure whats going on here :(

Link to comment
Share on other sites

Why are you still using backtrack? It is no longer being developed. Try Kali (Offensive Securities new project) http://www.kali.org/.

EDIT: just read the post date...

Edited by newbi3
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...