I’m following the Learn Python & Ethical Hacking From Scratch course and I have the same dns_spoofer code as the instructor. It looks like it runs on the Kali machine (although the Kali web server seemed to have already been edited as “it works”, and even when I’m not running dns_spoofer, bing.com still shows the “it works :)” message). But when I tried to run it on my victim Windows OS machine, browsing bing.com doesn’t take me to “it works :)” but to the page error “can’t reach this page”. I set the iptables to FORWARD and it looks like dns_spoofer is working in that it only shows the error page for bing.com, but it doesn’t spoof it to the intended page (“it works :)”). Please help.
I added another line, “print(scapy_packet.show())”, after modifying the DNS response packet (but before changing scapy_packet to packet) to see if the modification is right, and it looks like it is.
The source looks like the DNS server (if it makes sense), the destination is the victim Windows OS, and the rdata has been modified to 10.0.2.15, which is my Kali machine IP address. Now it doesn’t look like a Python problem, but I think I typed everything in my terminator (like iptables --flush, then iptables -I FORWARD -j NFQUEUE --queue-num 0 and service apache2 start and echo blah blah when the Windows machine couldn’t access any websites).
Are you able to ping 10.0.2.15 from your Windows VM? If not, then this is a networking issue. I suppose you already have both the VMs on Bridged, assuming your ARP spoof is successful. Also, check whether your web server is up or not on the Kali machine.
How do I ping 10.0.2.15 from windows and see if the server is up or not? Is it the service apache2 start command?
You can use the ping command in cmd on Windows. To check whether apache2 is up and running, just run
service apache2 status and see whether it is running or not. Also, go to 10.0.2.15 on your Kali itself and see if the website is up or not.
10.0.2.15 is up on both Kali and Windows and I could ping 10.0.2.15 from Windows. It used to work on Kali but now it isn’t, and it looks like the issue is the same as what happened in Windows (page not loading).
I suspect you are using “NAT” networking for both the Win VM and the Kali VM. Can you go to VirtualBox settings for each VM and select ONLY “Bridged” OR “NatNetwork”? Zaid mentioned using “NatNetwork” - it is more secure than using “Bridged” when testing VMs.
Also note that “NAT” is not the same as “NatNetwork”.
First flush iptables:
iptables --table nat --flush
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
Enable port forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then run the iptables command for FORWARD, clear browser’s cache on victim’s machine for ALL TIMES, then run the whole attack again.
First try it with http sites.
This worked for me.
I’m having the same problem, do you have any solution now?
I had the same issue. Is it because Bing is now “HTTPS” instead of using the “HTTP” protocol? At the time Zaid recorded his lecture, Bing was using the HTTP protocol.
No, it shouldn’t matter. We are spoofing the IP so the victim is opening our created Bing webpage and not the original one. It is something to do with the improper settings for the server or maybe an improper ARP spoof.