I have a weird problem with ettercap. Any changes I make to etter.dns are ignored by ettercap. The etter.dns file is located in /home/ettercap-0.8.0/share and I copied it to /usr/local/share/ettercap.
I am experimenting with the dns_spoof plugin. I have two machines: my Ubuntu box and an Ubuntu VM which is bridged (so has a 192.168.x.x address).
Here is what I do:
sudo ettercap -G
Select unified sniffing - wlan0
Hosts - select 192.168.1.1 as target 1 and 192.168.1.12 (Ubuntu on VM) as target 2.
Select plug-in - dns_spoof.
Start sniffing.
Here is the ettercap output:
Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
3 hosts added to the hosts list...
Host 192.168.1.1 added to TARGET1 [this is the gateway / router]
Host 192.168.1.12 added to TARGET2 [this is the ubuntu on the VM]
ARP poisoning victims:
GROUP 1 : 192.168.1.1
GROUP 2 : 192.168.1.12
Starting Unified sniffing...
Activating dns_spoof plugin...
Then, in the VM, I point Firefox to www.microsoft.com
dns_spoof: [www.microsoft.com] spoofed to [198.182.196.56]
This looks as if spoofing worked.
The problem is simple: although ettercap indicates that the browser in the VM is, indeed, being spoofed, the etter.dns file shows a different IP address for microsoft.com. (For the record: 198.182.196.56 does not point to linux.org any more). My etter.dns file shows:
microsoft.com A 173.194.34.147 # this is www.google.com
*.microsoft.com A 173.194.34.147
www.microsoft.com PTR 173.194.34.147 # Wildcards in PTR are not allowed
The original etter.dns showed:
################################
# microsoft sucks
# redirect it to www.linux.org
#
microsoft.com A 198.182.196.56
*.microsoft.com A 198.182.196.56
www.microsoft.com PTR 198.182.196.56 # Wildcards in PTR are not allowed
This explains where 198.182.196.56 comes from.
If I add an entry, it is ignored. So, the following will never work:
randomsite.com A 50.50.50.50
It is as if the original etter.dns has become hard-coded in ettercap and thus the program ignores changes made to the etter.dns file.
One video suggested changing the uid / gid in etter.conf to 0. I did this but it didn't help.
ec_uid = 65534 # nobody is the default
ec_gid = 65534 # nobody is the default
How can I get ettercap to accept the changes made to etter.dns? Thanks.