Skip to content
/ spoofshifter Public

SpoofShifter is a DNS spoofing tool designed for ethical hacking and penetration testing. It intercepts DNS requests and redirects target users to a malicious IP by manipulating network traffic using netfilterqueue and Scapy. This tool helps demonstrate DNS spoofing attacks in a controlled environment for security testing purposes.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

anishalx/spoofshifter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
spoofshifter.py
spoofshifter.py
 
 

Repository files navigation

SpoofShifter

SpoofShifter is a lightweight and powerful DNS spoofing tool designed for ethical hackers and penetration testers. Written in Python, it leverages the Scapy library to manipulate DNS responses, allowing attackers to redirect DNS queries to a specified IP. When used in combination with ARP spoofing, SpoofShifter can perform effective Man-in-the-Middle (MitM) attacks, redirecting traffic seamlessly.

Features

  • Real-time DNS spoofing for specified domains.
  • Efficient packet manipulation with Scapy.
  • Ability to target specific DNS queries (e.g., redirect www.google.com).
  • Easy integration with ARP spoofing for comprehensive network attacks.
  • Lightweight and simple command-line interface.

Requirements

Before running SpoofShifter, ensure that the following dependencies are installed:

System Dependencies:

sudo apt-get update
sudo apt-get install libnetfilter-queue-dev

Pyhton Libraries:

pip install netfilterqueue scapy

Setup and Usage

  1. Run iptables Rule: Redirect the network traffic to the NFQUEUE by running the following command:
sudo iptables -I FORWARD -j NFQUEUE --queue-num 0

  1. Set Up ARP Spoofing: Run an ARP spoofing tool to intercept and manipulate traffic between the target and the router.

  2. Execute SpoofShifter: Run the Python script to start DNS spoofing:

sudo python spoofshifter.py

The script will listen for DNS queries and spoof the specified domain (e.g., www.google.com) by returning a fake IP address.

How it Works

  • Packet Interception: SpoofShifter captures network packets using netfilterqueue and processes them.
  • DNS Manipulation: It inspects DNS requests and modifies the response for specific domains to redirect them to a fake IP.
  • Automatic Packet Correction: After modifying the DNS response, SpoofShifter recalculates the packet length and checksum to ensure the altered packets are valid.

Code Breakdown

  • NetfilterQueue: Used to capture and modify packets.
  • Scapy: Handles packet manipulation and DNS spoofing.
  • Process Flow: The script inspects DNS requests and sends spoofed responses to hijack the target's web traffic.

Usage

  1. Clone the repository:
git clone https://github.com/anishalx/spoofshifter.git
cd SpoofShifter
  1. Run the script:
sudo python3 spoofshifter.py
  1. Stop iptables rule: After the session, clear the iptables rule:
sudo iptables --flush

Disclaimer

This tool is intended for educational purposes only. Do not use it on networks without proper authorization. The developers are not responsible for any misuse of this tool.

License

This project is licensed under the MIT License. See the LICENSE file for more details.

About

SpoofShifter is a DNS spoofing tool designed for ethical hacking and penetration testing. It intercepts DNS requests and redirects target users to a malicious IP by manipulating network traffic using netfilterqueue and Scapy. This tool helps demonstrate DNS spoofing attacks in a controlled environment for security testing purposes.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages