dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim.
It’s very frequently used in combination with sslstrip.
- Traditional DNS Spoofing
- Implements DNS Spoofing via Forwarding
- Detects and corrects changes for sslstrip to work
spoof.cfg config file with the format:
root@kali:~/dns2proxy# echo "www.s21sec.com 188.8.131.52" > spoof.cfg
// launch in another terminal dns2proxy.py
Or you can use the domains.cfg file to spoof all hosts of a domain (wildcard):
root@kali:~/demoBH/dns2proxy# cat dominios.cfg
Hosts listed in nospoof.cfg will not be spoofed.
domains.cfg – resolve all hosts/subdomains for the listed domains with the given IP.
.facebook.com 184.108.40.206
.fbi.gov 220.127.116.11
spoof.cfg – Spoof a single host with a given IP.
nospoof.cfg – Always send a legitimate response when answering queries for these hosts.
nospoofto.cfg – Don’t send fake responses to the IPs listed there.
victims.cfg – If not empty, only send fake responses to these IP addresses.
resolv.conf – DNS server to forward legitimate queries to.
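From the defender's side, the domains.cfg wildcard behaviour described above leaves a recognisable pattern in resolver logs: every name under a domain, including names that do not exist, returns the same address. The following Python sketch is an added example, not part of dns2proxy or the original post; the log format, the `zz-canary-` probe prefix and the two-label parent-domain rule are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, one answer per line: "client qname answer_ip".
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
10.0.0.5 www.example.com 192.0.2.10
10.0.0.5 mail.example.com 192.0.2.10
10.0.0.5 login.example.com 192.0.2.10
10.0.0.5 zz-canary-7f3a.example.com 192.0.2.10
10.0.0.5 www.example.org 198.51.100.7
10.0.0.5 mail.example.org 198.51.100.25
10.0.0.5 static.example.org 198.51.100.9
"""

# Hypothetical prefix for probe names the defender knows do not exist.
CANARY_PREFIX = "zz-canary-"


def parent_domain(qname):
    """Assumption: the last two labels; use a public-suffix list in practice."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_wildcard_suspects(log_text, min_hosts=3):
    """Return {domain: [reasons]} for domains that answer like a wildcard."""
    hosts = defaultdict(set)   # domain -> distinct names that got an answer
    ips = defaultdict(set)     # domain -> distinct answer addresses
    canary_hits = set()        # domains where a nonexistent name resolved
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue           # skip malformed lines
        _client, qname, ip = parts
        qname = qname.lower()
        dom = parent_domain(qname)
        hosts[dom].add(qname)
        ips[dom].add(ip)
        if qname.startswith(CANARY_PREFIX):
            canary_hits.add(dom)
    suspects = {}
    for dom in hosts:
        reasons = []
        if len(hosts[dom]) >= min_hosts and len(ips[dom]) == 1:
            reasons.append("all hosts share one IP")
        if dom in canary_hits:
            reasons.append("nonexistent canary name resolved")
        if reasons:
            suspects[dom] = reasons
    return suspects
```

Shared hosting and CDNs can also map many names to one address, so treat the first signal as a lead and the canary result as the stronger indicator.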
You can download dns2proxy here:
Or read more here.