dns2proxy – Offensive DNS server



dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim.

dns2proxy - Offensive DNS server

It’s very frequently used in combination with sslstrip.


  • Traditional DNS Spoofing
  • Implements DNS Spoofing via Forwarding
  • Detects and corrects changes for sslstrip to work


Using the spoof.cfg config file with the format:

Or you can use domains.cfg file to spoof all hosts of a domain (wildcard):

Hostnames at nospoof.cfg will not be spoofed.

Config Files

domains.cfg – resolve all hosts/subdomains for the listed domains with the given IP.

spoof.cfg – Spoof a single host with a given IP.

nospoof.cfg – Send always a legit response when responding for these hosts.

nospoofto.cfg – Don’t send fake responses to the IPs listed there.

victims.cfg – If not empty, only send fake responses to these IP addresses.

resolv.conf DNS server to forward legitimate queries to.

You can download dns2proxy here:


Or read more here.


Source link

Leave a comment