Home

As mentinoned, this is a program and accompanying libraries that implements DNS spoofing.

The program has two components to it -- there is obviously the part that deals with DNS spoofing, but in order to make that work over a switched network, we also need to implement ARP cache poisoning. The second part takes care of that for each of the victims.

On the DNS side, we first capture the incoming packet using libpcap. Then, we construct a new packet based off of the received packet that contains the reply. Once we have the reply data, we have to adjust ethernet, IP, UDP, and DNS headers in order to reverse it's direction back to the victim.

The ARP side is initialized once the targets have been identified. On initialization, this part tries to get the hardware addresses of each of the victims. Once these have been identified, we spawn off a separate thread that sends ARP reply packets to each of the victims every 2 seconds.