dns.spoof cannot remove domain without restarting bettercap #408

Closed
SecKatie opened this issue Dec 20, 2018 · 0 comments
SecKatie commented Dec 20, 2018

When I change dns.spoof.domains with set dns.spoof.domains and run dns.spoof on, it works flawlessly. The problem arises when I try to change the domain to another one by running dns.spoof off, then set dns.spoof.domains, and then restarting dns.spoof with dns.spoof on. It will reply with:

[22:08:53] [sys.log] [inf] [dns.spoof] <thedomainhere> -> 192.168.1.202
[22:08:53] [sys.log] [inf] [dns.spoof] <anotherdomainhere> -> 192.168.1.202

This is not the behavior I want; it should remove the previous domain.

Environment

Please provide:

  • Bettercap version you are using. 2.11
  • OS version and architecture you are using. macOS Mojave 10.14.2
  • Command line arguments you are using. sudo bettercap

DEBUG OUTPUT

$ sudo bettercap -debug
Password:
bettercap v2.11 (type 'help' for a list of commands)

[22:17:55] [sys.log] [dbg] FindGateway(en0) [cmd=netstat opts=[-n -r] parser=^([a-z]+)+\s+(\d+\.+\d+.\d.+\d)+\s+([a-zA-z]+)+\s+(\d+)+\s+(\d+)+\s+([a-zA-Z]+\d+)$]
[22:17:55] [sys.log] [dbg] FindGateway(en0) output:
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc          128     5784     en0       
127                127.0.0.1          UCS             0        0     lo0       
127.0.0.1          127.0.0.1          UH              6    16481     lo0       
169.254            link#6             UCS             0        0     en0      !
192.168.1          link#6             UCS             1        0     en0      !
192.168.1.1/32     link#6             UCS             1        0     en0      !
192.168.1.1        fc:ec:da:40:4a:ba  UHLWIir        54       18     en0   1179
192.168.1.137      4c:cc:6a:d0:17:5e  UHLWIi          1     2614     en0   1200
192.168.1.202/32   link#6             UCS             0        0     en0      !
224.0.0/4          link#6             UmCS            1        0     en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0       
255.255.255.255/32 link#6             UCS             0        0     en0      !

Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 fe80::%utun0                    UGcI          utun0       
default                                 fe80::%utun1                    UGcI          utun1       
::1                                     ::1                             UHL             lo0       
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0       
fe80::1%lo0                             link#1                          UHLI            lo0       
fe80::%en0/64                           link#6                          UCI             en0       
fe80::14e1:a10b:188:f0c1%en0            8c:85:90:ad:8d:a5               UHLI            lo0       
fe80::%awdl0/64                         link#11                         UCI           awdl0       
fe80::90ad:53ff:fe2d:3b1d%awdl0         92:ad:53:2d:3b:1d               UHLI            lo0       
fe80::%utun0/64                         fe80::1d89:2a55:2d04:f7fc%utun0 UcI           utun0       
fe80::1d89:2a55:2d04:f7fc%utun0         link#12                         UHLI            lo0       
fe80::%utun1/64                         fe80::a775:a796:c048:7d5c%utun1 UcI           utun1       
fe80::a775:a796:c048:7d5c%utun1         link#13                         UHLI            lo0       
ff01::%lo0/32                           ::1                             UmCI            lo0       
ff01::%en0/32                           link#6                          UmCI            en0       
ff01::%awdl0/32                         link#11                         UmCI          awdl0       
ff01::%utun0/32                         fe80::1d89:2a55:2d04:f7fc%utun0 UmCI          utun0       
ff01::%utun1/32                         fe80::a775:a796:c048:7d5c%utun1 UmCI          utun1       
ff02::%lo0/32                           ::1                             UmCI            lo0       
ff02::%en0/32                           link#6                          UmCI            en0       
ff02::%awdl0/32                         link#11                         UmCI          awdl0       
ff02::%utun0/32                         fe80::1d89:2a55:2d04:f7fc%utun0 UmCI          utun0       
ff02::%utun1/32                         fe80::a775:a796:c048:7d5c%utun1 UmCI          utun1
[22:17:55] [mod.started] net.recon
[22:17:55] [sys.log] [dbg] gateway is 192.168.1.1[fc:ec:da:40:4a:ba]
192.168.1.0/24 > 192.168.1.202  » [22:17:55] [session.started] {session.started 2018-12-19 22:17:55.506552 -0500 EST m=+0.043746901 <nil>}
192.168.1.0/24 > 192.168.1.202  » [22:17:55] [mod.started] events.stream
192.168.1.0/24 > 192.168.1.202  » [22:17:55] [mod.started] net.recon
192.168.1.0/24 > 192.168.1.202  » [22:17:55] [endpoint.new] endpoint 192.168.1.137 detected as 4c:cc:6a:d0:17:5e (Micro-Star INTL CO., LTD.).
192.168.1.0/24 > 192.168.1.202  » set [22:18:09] [endpoint.new] endpoint 192.168.1.105 detected as 40:b4:cd:54:fe:e6 (Amazon Technologies Inc.).
192.168.1.0/24 > 192.168.1.202  » set [22:18:09] [endpoint.new] endpoint 192.168.1.171 detected as bc:60:a7:c3:c4:7d (Sony Interactive Entertainment Inc.).
192.168.1.0/24 > 192.168.1.202  » set arp.spoof.targets 192.168.1.137
192.168.1.0/24 > 192.168.1.202  » set a[22:18:19] [endpoint.lost] endpoint 192.168.1.105 (Amazon Technologies Inc.) lost.
192.168.1.0/24 > 192.168.1.202  » set a[22:18:19] [endpoint.lost] endpoint 192.168.1.171 (Sony Interactive Entertainment Inc.) lost.
192.168.1.0/24 > 192.168.1.202  » arp.spoof on
[22:18:25] [sys.log] [dbg]  addresses=[192.168.1.137] macs=[] whitelisted-addresses=[] whitelisted-macs=[]
[22:18:25] [sys.log] [inf] Enabling forwarding.
[22:18:25] [mod.started] arp.spoof
192.168.1.0/24 > 192.168.1.202  » [22:18:25] [sys.log] [inf] ARP spoofer started, probing 1 targets.
192.168.1.0/24 > 192.168.1.202  » [22:18:25] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:18:26] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » se[22:18:27] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns[22:18:28] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.[22:18:29] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.tar[22:18:30] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.targ[22:18:31] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.targ[22:18:32] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.[22:18:33] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.[22:18:34] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.[22:18:35] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.doma[22:18:36] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:18:37] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:18:38] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:18:39] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:18:40] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:18:41] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains r[22:18:42] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains redd[22:18:43] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains reddi[22:18:44] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains reddit.com[22:18:45] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains reddit.com
192.168.1.0/24 > 192.168.1.202  » [22:18:46] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:18:47] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » d[22:18:48] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.sp[22:18:49] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof on[22:18:50] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof on
[22:18:50] [sys.log] [inf] [dns.spoof] reddit.com -> 192.168.1.202
[22:18:50] [sys.log] [inf] Enabling forwarding.
[22:18:50] [mod.started] dns.spoof
192.168.1.0/24 > 192.168.1.202  » [22:18:51] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » d[22:18:52] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.s[22:18:53] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof [22:18:54] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof [22:18:55] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof [22:18:56] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof [22:18:57] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof off
[22:18:58] [mod.stopped] dns.spoof
192.168.1.0/24 > 192.168.1.202  » [22:18:58] [endpoint.new] endpoint 192.168.1.105 detected as 40:b4:cd:54:fe:e6 (Amazon Technologies Inc.).
192.168.1.0/24 > 192.168.1.202  » [22:18:58] [endpoint.new] endpoint 192.168.1.171 detected as bc:60:a7:c3:c4:7d (Sony Interactive Entertainment Inc.).
192.168.1.0/24 > 192.168.1.202  » [22:18:58] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dn[22:18:59] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set [22:19:00] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.[22:19:01] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.ta[22:19:02] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.tar[22:19:03] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.do[22:19:04] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains [22:19:05] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains goog[22:19:06] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains goog.e[22:19:07] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains google[22:19:08] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains google.[22:19:09] [endpoint.lost] endpoint 192.168.1.105 (Amazon Technologies Inc.) lost.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains google.[22:19:09] [endpoint.lost] endpoint 192.168.1.171 (Sony Interactive Entertainment Inc.) lost.
192.168.1.0/24 > 192.168.1.202  » set dns.spoof.domains google.com
192.168.1.0/24 > 192.168.1.202  » [22:19:09] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » get[22:19:10] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » get dns[22:19:11] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » get dns.spoof.[22:19:12] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » get dns.spoof.domains 

  dns.spoof.domains: 'google.com'

192.168.1.0/24 > 192.168.1.202  » [22:19:13] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:19:14] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:19:15] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof [22:19:16] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof on[22:19:17] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » dns.spoof on
[22:19:17] [sys.log] [inf] [dns.spoof] reddit.com -> 192.168.1.202
[22:19:17] [sys.log] [inf] [dns.spoof] google.com -> 192.168.1.202
[22:19:17] [sys.log] [inf] Enabling forwarding.
[22:19:17] [mod.started] dns.spoof
192.168.1.0/24 > 192.168.1.202  » [22:19:18] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:19:19] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » [22:19:20] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » quit[22:19:21] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202  » quit
[22:19:22] [mod.stopped] arp.spoof
[22:19:22] [sys.log] [inf] waiting for ARP spoofer to stop ...
[22:19:22] [sys.log] [inf] restoring ARP cache of 1 targets.
[22:19:22] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
[22:19:22] [mod.stopped] dns.spoof
[22:19:22] [mod.stopped] events.stream

Stopping modules and cleaning session state ...
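
The behaviour in the log above, modeled as an added example (not bettercap's source and not part of the original report): a hypothetical `Spoofer` whose `Configure` appends to its rule list on every start, with a `ResetOnLoad` flag for the clearing step the reporter expected and a `Stale` check that lists loaded rules missing from the current parameter. All type, field and function names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Spoofer is a hypothetical model (names are assumptions), not bettercap's source.
type Spoofer struct {
	Param       string   // current value of the domains parameter
	Hosts       []string // rules the module has actually loaded
	ResetOnLoad bool     // false reproduces the report, true clears first
}

// Configure runs on every "on" and loads Param into Hosts.
func (s *Spoofer) Configure() {
	if s.ResetOnLoad {
		s.Hosts = nil // drop rules left over from the previous run
	}
	for _, d := range strings.Split(s.Param, ",") {
		if d = strings.TrimSpace(d); d != "" {
			s.Hosts = append(s.Hosts, d)
		}
	}
}

// Stale lists loaded rules that are absent from the current parameter.
func (s *Spoofer) Stale() []string {
	var out []string
	for _, h := range s.Hosts {
		if !strings.Contains(","+strings.ReplaceAll(s.Param, " ", "")+",", ","+h+",") {
			out = append(out, h)
		}
	}
	return out
}

// Cycle replays the reported session: set, on, off, set, on.
func Cycle(reset bool) *Spoofer {
	s := &Spoofer{ResetOnLoad: reset, Param: "reddit.com"}
	s.Configure()
	s.Param = "google.com" // the parameter itself is replaced correctly
	s.Configure()
	return s
}

func main() {
	b, f := Cycle(false), Cycle(true)
	fmt.Println(b.Hosts, b.Stale(), f.Hosts, f.Stale())
}
```

Without the reset, the loaded list and the configured parameter disagree, which matches `get dns.spoof.domains` showing only `google.com` while both rules are logged on start.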