
Thread: Ettercap refuses to obey etter.dns file!

  1. #1
    Join Date
    2014-May
    Posts
    3

    Ettercap refuses to obey etter.dns file!

    I have a weird problem with ettercap. Any changes I make to etter.dns are ignored by ettercap. The etter.dns file is located in /home/ettercap-0.8.0/share and I copied it to /usr/local/share/ettercap.

    I am experimenting with the dns_spoof plugin. I have two machines: my Ubuntu box and an Ubuntu VM which is bridged (so has a 192.168.x.x address).

    Here is what I do:

    sudo ettercap -G
    Select unified sniffing - wlan0
    Hosts - select 192.168.1.1 as target 1 and 192.168.1.12 (ubuntu on VM) as target 2.
    Select plug-in - dns_spoof.
    Start sniffing.

    Here is the ettercap output:

    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...
    3 hosts added to the hosts list...
    Host 192.168.1.1 added to TARGET1 [this is the gateway / router]
    Host 192.168.1.12 added to TARGET2 [this is the ubuntu on the VM]

    ARP poisoning victims:

    GROUP 1 : 192.168.1.1

    GROUP 2 : 192.168.1.12

    Starting Unified sniffing...

    Activating dns_spoof plugin...

    Then, in the VM, I point Firefox to www.microsoft.com

    dns_spoof: [www.microsoft.com] spoofed to [198.182.196.56]

    This looks as if spoofing worked.

    The problem is simple: although ettercap indicates that the browser in the VM is, indeed, being spoofed, the etter.dns file shows a different IP address for microsoft.com. (For the record: 198.182.196.56 does not point to linux.org any more). My etter.dns file shows:

    microsoft.com A 173.194.34.147 # this is www.google.com
    *.microsoft.com A 173.194.34.147
    www.microsoft.com PTR 173.194.34.147 # Wildcards in PTR are not allowed

    The original etter.dns showed:

    ################################
    # microsoft sucks
    # redirect it to www.linux.org
    #
    microsoft.com A 198.182.196.56
    *.microsoft.com A 198.182.196.56
    www.microsoft.com PTR 198.182.196.56 # Wildcards in PTR are not allowed

    This explains where 198.182.196.56 comes from.

    If I add an entry, it is ignored. So, the following will never work:

    randomsite.com A 50.50.50.50

    It is as if the original etter.dns has become hard-coded in ettercap and thus the program ignores changes made to the etter.dns file.

    One video suggested changing the uid / gid in etter.conf to 0. I did this but it didn't help.

    ec_uid = 65534 # nobody is the default
    ec_gid = 65534 # nobody is the default

    How can I get ettercap to accept the changes made to etter.dns? Thanks.

  2. #2
    Join Date
    2014-May
    Posts
    3

    I've found the solution.

    I needed to edit the file in /etc/ettercap/etter.conf
    Last edited by g0tmi1k; 2014-05-08 at 09:35.
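
Added example, not part of the thread and not ettercap code: the setup in the first post ARP-poisons the gateway 192.168.1.1 and the VM 192.168.1.12, which from the VM's side typically shows up as the gateway's IP sharing a MAC address with another host on the LAN. This Python check looks for that in Linux `/proc/net/arp` text; the 192.168.1.50 host, the other neighbours and every MAC address in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample of /proc/net/arp as the poisoned VM (192.168.1.12) might
# see it. Host 192.168.1.50 and all MAC addresses are made up for illustration.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:50     *        eth0
192.168.1.50     0x1         0x2         02:00:00:aa:bb:50     *        eth0
192.168.1.20     0x1         0x2         02:00:00:11:22:20     *        eth0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return (ip, mac) pairs for resolved entries in /proc/net/arp text."""
    entries = []
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        # ATF_COM (0x2) marks a completed entry; ignore unresolved ones.
        if not flags & 0x2 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac))
    return entries

def find_shared_macs(entries):
    """Map each MAC claimed by more than one IP to the sorted list of IPs."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_alerts(text, gateway_ip):
    """Return one alert per MAC that the gateway shares with another host."""
    alerts = []
    for mac, ips in find_shared_macs(parse_arp_table(text)).items():
        if gateway_ip in ips:
            others = ", ".join(ip for ip in ips if ip != gateway_ip)
            alerts.append(f"gateway {gateway_ip} shares MAC {mac} with {others}")
    return alerts

if __name__ == "__main__":
    for alert in gateway_alerts(SAMPLE_ARP, "192.168.1.1"):
        print("ALERT:", alert)
```

A shared MAC is a strong hint rather than proof: proxy ARP and multihomed hosts can produce the same pattern, so confirm against the router's known hardware address.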
