Summary & Introduction
The objective for this particular assignment is to create a simple DNS spoofing application using Ruby or any other preferred language. With the supplied module on the DNS protocol, design and framework for basic DNS manipulation, we are to create a DNS spoofing application as a proof of concept (POC). Website spoofing is the main functionality that the program requires.
There are a few constraints and they are as follows:
- Detect DNS queries and respond with crafted Response answer that points victim to a user (attacker) specified site
- Need to be able to handle any arbitrary domain name and return spoofed Response
- Tests will only be conducted on our own machines and not carry out any DNS spoofing on unsuspecting users
Design
Much of the provided ARP spoof examples were preserved with the exception of hard coding the source and destination IP/MAC addresses, etc. This is made possible by using the Utils class from the PacketFu library. Aside from spoofing the ARP, extra functionality is to be required including the capturing of DNS traffic, extracting the domain name, and replying with a crafted response that can redirect the victim to a malicious counterpart of a popular website.
Diagram
Check out the full source code on GitHub.