dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim.
It’s very frequently used in combination with sslstrip.
spoof.cfg config file with the format:
root@kali:~/dns2proxy# echo "www.s21sec.com 18.104.22.168" > spoof.cfg
// launch in another terminal dns2proxy.py
root@kali:~/dns2proxy# nslookup www.s21sec.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.s21sec.com
Address: 22.214.171.124
Name: www.s21sec.com
Address: 126.96.36.199
Or you can use the domains.cfg file to spoof all hosts of a domain (wildcard):
root@kali:~/demoBH/dns2proxy# cat dominios.cfg
.domain.com 192.168.1.1
root@kali:~/demoBH/dns2proxy# nslookup aaaa.domain.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: aaaa.domain.com
Address: 192.168.1.1
Hosts listed in nospoof.cfg will not be spoofed.
domains.cfg – Resolve all hosts/subdomains for the listed domains with the given IP.
.facebook.com 188.8.131.52
.fbi.gov 184.108.40.206
spoof.cfg – Spoof a single host with a given IP.
nospoof.cfg – Always send a legitimate response for these hosts.
nospoofto.cfg – Don’t send fake responses to the IPs listed there.
victims.cfg – If not empty, only send fake responses to these IP addresses.
resolv.conf – DNS server to forward legitimate queries to.
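From the defender's side, both behaviours described above show up in the answers themselves: a spoof.cfg entry returns an address the legitimate resolver never gives, and a domains.cfg wildcard answers for names that do not exist. The following Python check is an added example, not part of dns2proxy or the original post; the function names, hostnames and addresses are constructed, and it assumes the answers from the resolver under test and from a trusted resolver have already been collected (for instance with nslookup against each).

```python
from collections import defaultdict

# Constructed sample answers: hostname -> set of A records, empty set = NXDOMAIN.
# OBSERVED comes from the resolver under test, TRUSTED from a resolver reached
# over a trusted path. The *.example.org names are random probe labels.
OBSERVED = {
    "www.example.com": {"192.0.2.66"},
    "mail.example.com": {"198.51.100.25"},
    "zq7k1.example.org": {"192.0.2.66"},
    "p0x9d.example.org": {"192.0.2.66"},
    "n4hh2.example.net": set(),
}
TRUSTED = {
    "www.example.com": {"203.0.113.10", "203.0.113.11"},
    "mail.example.com": {"198.51.100.25"},
    "zq7k1.example.org": set(),
    "p0x9d.example.org": set(),
    "n4hh2.example.net": set(),
}

def parent_domain(host):
    """Drop the leftmost label: aaaa.domain.com -> domain.com."""
    return host.split(".", 1)[1] if "." in host else host

def find_spoof_indicators(observed, trusted):
    """Return (mismatches, wildcards) for the resolver under test.

    mismatches: hosts whose answers share no address with the trusted answers
                (what a single-host spoof.cfg entry looks like).
    wildcards:  parent domains where two or more names that do not exist all
                resolve to one identical address (the domains.cfg pattern).
    """
    mismatches = {}
    bogus_ips = defaultdict(set)    # parent domain -> addresses given for NXDOMAIN names
    bogus_count = defaultdict(int)  # parent domain -> number of such names
    for host, seen in observed.items():
        good = trusted.get(host, set())
        if seen and good and seen.isdisjoint(good):
            mismatches[host] = sorted(seen)
        if seen and not good:
            parent = parent_domain(host)
            bogus_ips[parent] |= seen
            bogus_count[parent] += 1
    wildcards = {d: sorted(ips) for d, ips in bogus_ips.items()
                 if bogus_count[d] >= 2 and len(ips) == 1}
    return mismatches, wildcards
```

A plain mismatch is a lead rather than proof, because CDNs and geo-aware DNS legitimately hand different addresses to different resolvers; an answer for a random label that the trusted resolver reports as nonexistent is the stronger signal.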