DNS spoofer "can't reach this page" on victim machine

I’m following the Learn Python & Ethical Hacking From Scratch course and I have the same dns_spoofer code as the instructor. It looks like it runs on the Kali machine (although the Kali web server seemed to have already been edited as “it works :)” and even when I’m not running dns_spoofer bing.com still shows the “it works :)” message). But when I tried to run it on my victim Windows OS machine, browsing bing.com doesn’t take me to “it works :)” but to the page error “can’t reach this page”. I set the iptables to FORWARD and it looks like dns_spoofer is working in that it only shows the error page for bing.com, but it doesn’t spoof it to the intended page (“it works :)”). Please help :(

I added another line, "print(scapy_packet.show())", after modifying the DNS response packet (but before changing scapy_packet to packet) to see if the modification is right, and it looks like it is.
The source looks like the DNS server (if it makes sense), the destination is the victim Windows OS, and the rdata has been modified to 10.0.2.15, which is my Kali machine IP address. Now it doesn’t look like a Python problem, but I think I typed everything in my terminator (like iptables --flush then iptables -I FORWARD -j NFQUEUE --queue-num 0 and service apache2 start and echo blah blah when the Windows machine couldn’t access any websites).

Are you able to ping 10.0.2.15 from your Windows VM? If not, then this is a networking issue. I suppose you already have both the VMs on Bridged, assuming your ARP spoof is successful. Also, check whether your web server is up or not on the Kali machine.

How do I ping 10.0.2.15 from Windows and see if the server is up or not? Is it the service apache2 start command?

You can use the ping command in cmd on Windows. To check whether apache2 is up and running, just run service apache2 status and see whether it is running or not. Also, go to 10.0.2.15 on your Kali itself and see if the website is up or not.

10.0.2.15 is both up on Kali and Windows and I could ping 10.0.2.15 from Windows. It used to work on Kali but now it isn’t, and it looks like the issue is the same as what happened in Windows (page not loading).

I suspect you are using “NAT” networking for both the Win VM and the Kali VM. Can you go to VirtualBox settings for each VM and select ONLY “Bridged” OR “NatNetwork”? Zaid mentioned using “NatNetwork” - it is more secure than using “Bridged” when testing VMs.

Also note that “NAT” is not the same as “NatNetwork”.

First flush iptables:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

Enable port forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

Then run the iptables command for FORWARD, clear browser’s cache on victim’s machine for ALL TIMES, then run the whole attack again.

First try it with http sites.

dns-spoof
This worked for me.