Tuesday, June 4, 2013

How To Spoof DNS In Kali Linux / Facebook Phishing Page Using Social Engineering Toolkit In Kali Linux / BackTrack

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

I was recently asked to demonstrate quickly how DNS can be spoofed using Kali Linux, and how the traffic can be forwarded to a fake phishing page. I decided to demonstrate by phishing the Facebook page and spoofing the DNS to point facebook.com to my machine's IP address where I am hosting a fake page using social engineering toolkit.

Here's the procedure:

Host a phishing page using se-toolkit: Website Attack Vectors -> Creditials Harvestor -> Clone website / Use Web Template


As you can see I used a template of Facebook and SET hosted this on my IP: at port 80.

Now I need to make sure traffic meant for facebook.com is redirected to my IP, for that I can use a DNS Spoof plugin available in ettercap

Change the contents of the file etter.dns, so the facebook.com points to your own IP.

Then load up "ettercap --g" and goto Plugins -> Manage the Plugins -> double click DNS Spoof plugin. Make sure you see the '*' next to it

Next, ARP poison all the hosts in the network, so that all the traffic passes through your machine. Start sniffing (read up on ARP poisoning if you can't understand).

Wait for the sometime. When someone tries to access facebook.com then your ettercap window will tell you 'blah_blah.facebook.com' spoofed to '<your ip>'.

At the same time in your SET window you'll see 'we got a hit!!' along with some other info. If the victim is gullible enough to enter his/her credentials on your phishing page, you'll see those details in the SET window.

But you have to play the waiting game and hold on until someone tries to access the phished website.

Disclaimer: This Post was only to demonstrate a concept; no Facebook hacking is endorsed or intended. This will only work on internal networks, that is, machines susceptible to your ARP poisoning attacks.


  1. thank you
    what about external users outside local network??
    how does it work???

    1. Uhm,i dont know... i am looking for it too

    2. NO DNS spoofing only work for LAN's, n not on WAN's

    3. Look into the Quantum Insert hack.

  2. Person above me is a terrorist. Be alert.
    How can I take this seriously with that wallpaper?

    1. Did you know that 64% of all Morrocans in the Netherlands have been in contact with the police?

    2. Holy fuck! They should exterminate them

    3. hey sir, this is Moon Cake (Hacktivist) is this work with WINDOWS XP or WINDOWS 7?.. i don't have linux...?

  3. Hey there Pranshu!

    I am an avid reader of your Blog - The Life Of A Penetration Tester - the blog is awesome. Keep up the good work man.

    Currently in 4th year B. Tech. CSE, I too, like yourself, am a Computer Security enthusiast. And I wish to pursue Penetration Testing as my career.
    But being tied up in all the college do-ado's, I am, to an extent confused about how to proceed with my career.

    Already I am a CCNA.
    How should I proceed? Should I go for more certifications? (CCNA-Security, CCSP, CEH?)
    Or should I start gaining more practical knowledge in this field? (And how to go on with that?!)

    Frankly, I have no clue about what I am going to do. But, what I do know is that Computer Security is the field for me.

    Please, some guidance would be highly appreciated.

    Apoorv Krishak

    1. Hello Apoorv, It's too early for you to be getting into certifications. Many of them are not that good for pentesting anyway and are more focused towards the info sec management. For PenTesting, you can get OSCP of offensive Security. But before all this, read and read a lot.

      CCNA is good. That's enough for now. You need to develop a solid knowledge base before you do anything else. CEH is theoretical and practically useless.

    2. I second the fact that CEH is useless... I have found more interesting shit from your page. I am currently working on my CISSPA as my work is paying for it... holy shit... The CBK can go f*ck itself as far as my brain is concerned.


  4. This comment has been removed by a blog administrator.

  5. do we have to edit microsoft.com to facebook.com? can;t we add that fb.com to last page of file?

  6. facebook page is not open in victim pc.