DNS Hijacking Is A Process Of Transferring All The Traffic Of A Particular Domain Name To Your Server.
If you don’t know what DNS Hijacking is,
What Is DNS Hijacking?
DNS hijacking is a malicious exploit in which a hacker or other party redirects users through the use of a rogue DNS server or other strategy that changes the IP address to which an Internet user is redirected. DNS hijacking can leave users unaware of where they are going in terms of using specific servers during an Internet session.
Today You Will Learn How To Hack A Domain Name. If You Have Hacked A Domain Name, Then The Whole Traffic Of That Domain Will Be Redirected To Your Server Or Website.
This Is An Introduction To DNS Poisoning Which Also Includes An Example Of Quite A Nifty Application Of It Using The IP Experiment.
Things That We Need :-
>A computer running Linux (Ubuntu in my case)
>A basic understanding of how the Domain Name System (DNS) Works
Why DNS?
The DNS Provides A Way For Computers To Translate The Domain Names We See To The IP Addresses They Represent. When You Load A Webpage, Your Browser Will Ask Its DNS Server For The IP Of The Host You Requested, And The Server Will Respond. Your Browser Will Then Request The Webpage From The Server With The IP Address That The DNS Server Supplied.
If We Can Find A Way To Tell The Client The Wrong IP Address, And Give Them The IP Of A Malicious Server Instead, We Can Do Some Damage.
Malicious DNS Server
So If We Want To Send Clients To A Malicious Web Server, First We Need To Tell Them Its IP, And So We Need To Set Up A Malicious DNS Server.
The Server I’ve Selected Is dnsmasq – It’s Lightweight And The Only One That Works For This Purpose [That I’ve Found]
To Install dnsmasq On Ubuntu, Run
sudo apt-get install dnsmasq
On Other Distributions Of Linux, Use The Appropriate Package Manager.
Once You’ve Installed It, You Can Go And Edit The Configuration File (/etc/dnsmasq.conf):
sudo gedit /etc/dnsmasq.conf
The Values In There Should Be Sufficient For Most Purposes. What We Want To Do Is Hard-Code Some IPs For Certain Servers We Want To Spoof.
The Format Of This Is address=/HOST/IP
So, For Example:
address=/facebook.com/00.00.00.00
Where 00.00.00.00 Is The IP Of Your Malicious Web Server.
Save The File And Restart dnsmasq By Running
sudo /etc/init.d/dnsmasq restart
You Now Have A DNS Server Running Which Will Redirect Requests For Facebook.com To 00.00.00.00
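From the defending side, address= lines like the one above are what to look for when auditing a dnsmasq resolver you are responsible for. The script below is an added example, not part of the original post: it parses dnsmasq-style configuration text and lists every hard-coded answer, separating sinkhole entries (0.0.0.0, loopback) from redirects to a routable address. The sample configuration, its 203.0.113.7 and 192.0.2.53 documentation addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in /etc/dnsmasq.conf syntax; 203.0.113.7 and 192.0.2.53
# are documentation addresses, not values from the post.
SAMPLE_CONF = """\
# upstream resolver
server=192.0.2.53
#address=/double-click.net/127.0.0.1
address=/facebook.com/203.0.113.7
address=/ads.example/tracker.example/0.0.0.0
address=/#/203.0.113.7
"""

# An active override line: address=/HOST[/HOST...]/IP (commented lines do not match).
ADDRESS_RE = re.compile(r"^\s*address=(/\S+)")


def classify(domain, target):
    """Label one override by what a client asking for `domain` would receive."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return "review"  # empty or non-literal target: needs a human look
    if ip.is_unspecified or ip.is_loopback:
        return "sinkhole"  # typical ad/tracker blocking, goes nowhere
    return "wildcard-redirect" if domain == "#" else "redirect"


def find_overrides(conf_text):
    """Return (line_no, domain, target, label) for every hard-coded answer."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = ADDRESS_RE.match(line)
        if not match:
            continue
        parts = match.group(1).split("/")  # ['', host1, ..., target]
        target = parts[-1]
        for domain in parts[1:-1]:
            findings.append((line_no, domain, target, classify(domain, target)))
    return findings


def redirects(conf_text):
    """Overrides that send clients to a routable address: the ones to investigate."""
    return [f for f in find_overrides(conf_text) if f[3] != "sinkhole"]


if __name__ == "__main__":
    for line_no, domain, target, label in redirects(SAMPLE_CONF):
        print(f"line {line_no}: {domain} -> {target} [{label}]")
```

The parser reads a single file only; overrides can also live in other files the resolver is told to load, so run it over each of them.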
Malicious Web Server
You Probably Already Have A Web Server Installed. If Not, Install Apache. This Is Pretty Basic, So I Won’t Cover It Here.
There Are A Couple Of Things You Can Do With The Web Server. It Will Be Getting All The Traffic Intended For The Original Website, So The Most Likely Course Of Action Would Be To Set Up Some Sort Of Phishing Site. I’ll Presume You Know How To Do That, Though. Another Alternative Is To Set Up Some Sort Of Transparent Proxy Which Logs All Activity.