You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I change dns.spoof.domains with set dns.spoof.domains and run dns.spoof on it works flawlessly. The problem arises when I try to change the domain to another one by running dns.spoof off and then subsequently run set dns.spoof.domains and then restart dns.spoof by going dns.spoof on. It will reply with [22:08:53] [sys.log] [inf] [dns.spoof] <thedomainhere> -> 192.168.1.202 [22:08:53] [sys.log] [inf] [dns.spoof] <anotherdomainhere> -> 192.168.1.202 this is not the behavior I want it should remove the previous domain.
Environment
Please provide:
Bettercap version you are using. 2.11
OS version and architecture you are using. macOS Mojave 10.14.2
Command line arguments you are using. sudo bettercup
DEBUG OUTPUT
$ sudo bettercap -debug
Password:
bettercap v2.11 (type 'help' for a list of commands)
[22:17:55] [sys.log] [dbg] FindGateway(en0) [cmd=netstat opts=[-n -r] parser=^([a-z]+)+\s+(\d+\.+\d+.\d.+\d)+\s+([a-zA-z]+)+\s+(\d+)+\s+(\d+)+\s+([a-zA-Z]+\d+)$]
[22:17:55] [sys.log] [dbg] FindGateway(en0) output:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 128 5784 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 6 16481 lo0
169.254 link#6 UCS 0 0 en0 !
192.168.1 link#6 UCS 1 0 en0 !
192.168.1.1/32 link#6 UCS 1 0 en0 !
192.168.1.1 fc:ec:da:40:4a:ba UHLWIir 54 18 en0 1179
192.168.1.137 4c:cc:6a:d0:17:5e UHLWIi 1 2614 en0 1200
192.168.1.202/32 link#6 UCS 0 0 en0 !
224.0.0/4 link#6 UmCS 1 0 en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0
255.255.255.255/32 link#6 UCS 0 0 en0 !
Internet6:
Destination Gateway Flags Netif Expire
default fe80::%utun0 UGcI utun0
default fe80::%utun1 UGcI utun1
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en0/64 link#6 UCI en0
fe80::14e1:a10b:188:f0c1%en0 8c:85:90:ad:8d:a5 UHLI lo0
fe80::%awdl0/64 link#11 UCI awdl0
fe80::90ad:53ff:fe2d:3b1d%awdl0 92:ad:53:2d:3b:1d UHLI lo0
fe80::%utun0/64 fe80::1d89:2a55:2d04:f7fc%utun0 UcI utun0
fe80::1d89:2a55:2d04:f7fc%utun0 link#12 UHLI lo0
fe80::%utun1/64 fe80::a775:a796:c048:7d5c%utun1 UcI utun1
fe80::a775:a796:c048:7d5c%utun1 link#13 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en0/32 link#6 UmCI en0
ff01::%awdl0/32 link#11 UmCI awdl0
ff01::%utun0/32 fe80::1d89:2a55:2d04:f7fc%utun0 UmCI utun0
ff01::%utun1/32 fe80::a775:a796:c048:7d5c%utun1 UmCI utun1
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en0/32 link#6 UmCI en0
ff02::%awdl0/32 link#11 UmCI awdl0
ff02::%utun0/32 fe80::1d89:2a55:2d04:f7fc%utun0 UmCI utun0
ff02::%utun1/32 fe80::a775:a796:c048:7d5c%utun1 UmCI utun1
[22:17:55] [mod.started] net.recon
[22:17:55] [sys.log] [dbg] gateway is 192.168.1.1[fc:ec:da:40:4a:ba]
192.168.1.0/24 > 192.168.1.202 » [22:17:55] [session.started] {session.started 2018-12-19 22:17:55.506552 -0500 EST m=+0.043746901 <nil>}
192.168.1.0/24 > 192.168.1.202 » [22:17:55] [mod.started] events.stream
192.168.1.0/24 > 192.168.1.202 » [22:17:55] [mod.started] net.recon
192.168.1.0/24 > 192.168.1.202 » [22:17:55] [endpoint.new] endpoint 192.168.1.137 detected as 4c:cc:6a:d0:17:5e (Micro-Star INTL CO., LTD.).
192.168.1.0/24 > 192.168.1.202 » set [22:18:09] [endpoint.new] endpoint 192.168.1.105 detected as 40:b4:cd:54:fe:e6 (Amazon Technologies Inc.).
192.168.1.0/24 > 192.168.1.202 » set [22:18:09] [endpoint.new] endpoint 192.168.1.171 detected as bc:60:a7:c3:c4:7d (Sony Interactive Entertainment Inc.).
192.168.1.0/24 > 192.168.1.202 » set arp.spoof.targets 192.168.1.137
192.168.1.0/24 > 192.168.1.202 » set a[22:18:19] [endpoint.lost] endpoint 192.168.1.105 (Amazon Technologies Inc.) lost.
192.168.1.0/24 > 192.168.1.202 » set a[22:18:19] [endpoint.lost] endpoint 192.168.1.171 (Sony Interactive Entertainment Inc.) lost.
192.168.1.0/24 > 192.168.1.202 » arp.spoof on
[22:18:25] [sys.log] [dbg] addresses=[192.168.1.137] macs=[] whitelisted-addresses=[] whitelisted-macs=[]
[22:18:25] [sys.log] [inf] Enabling forwarding.
[22:18:25] [mod.started] arp.spoof
192.168.1.0/24 > 192.168.1.202 » [22:18:25] [sys.log] [inf] ARP spoofer started, probing 1 targets.
192.168.1.0/24 > 192.168.1.202 » [22:18:25] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:18:26] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » se[22:18:27] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns[22:18:28] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.[22:18:29] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.tar[22:18:30] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.targ[22:18:31] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.targ[22:18:32] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.[22:18:33] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.[22:18:34] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.[22:18:35] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.doma[22:18:36] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:18:37] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:18:38] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:18:39] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:18:40] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:18:41] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains r[22:18:42] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains redd[22:18:43] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains reddi[22:18:44] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains reddit.com[22:18:45] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains reddit.com
192.168.1.0/24 > 192.168.1.202 » [22:18:46] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:18:47] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » d[22:18:48] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.sp[22:18:49] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof on[22:18:50] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof on
[22:18:50] [sys.log] [inf] [dns.spoof] reddit.com -> 192.168.1.202
[22:18:50] [sys.log] [inf] Enabling forwarding.
[22:18:50] [mod.started] dns.spoof
192.168.1.0/24 > 192.168.1.202 » [22:18:51] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » d[22:18:52] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.s[22:18:53] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof [22:18:54] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof [22:18:55] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof [22:18:56] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof [22:18:57] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof off
[22:18:58] [mod.stopped] dns.spoof
192.168.1.0/24 > 192.168.1.202 » [22:18:58] [endpoint.new] endpoint 192.168.1.105 detected as 40:b4:cd:54:fe:e6 (Amazon Technologies Inc.).
192.168.1.0/24 > 192.168.1.202 » [22:18:58] [endpoint.new] endpoint 192.168.1.171 detected as bc:60:a7:c3:c4:7d (Sony Interactive Entertainment Inc.).
192.168.1.0/24 > 192.168.1.202 » [22:18:58] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dn[22:18:59] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set [22:19:00] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.[22:19:01] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.ta[22:19:02] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.tar[22:19:03] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.do[22:19:04] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains [22:19:05] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains goog[22:19:06] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains goog.e[22:19:07] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains google[22:19:08] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains google.[22:19:09] [endpoint.lost] endpoint 192.168.1.105 (Amazon Technologies Inc.) lost.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains google.[22:19:09] [endpoint.lost] endpoint 192.168.1.171 (Sony Interactive Entertainment Inc.) lost.
192.168.1.0/24 > 192.168.1.202 » set dns.spoof.domains google.com
192.168.1.0/24 > 192.168.1.202 » [22:19:09] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » get[22:19:10] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » get dns[22:19:11] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » get dns.spoof.[22:19:12] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » get dns.spoof.domains
dns.spoof.domains: 'google.com'
192.168.1.0/24 > 192.168.1.202 » [22:19:13] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:19:14] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:19:15] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof [22:19:16] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof on[22:19:17] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » dns.spoof on
[22:19:17] [sys.log] [inf] [dns.spoof] reddit.com -> 192.168.1.202
[22:19:17] [sys.log] [inf] [dns.spoof] google.com -> 192.168.1.202
[22:19:17] [sys.log] [inf] Enabling forwarding.
[22:19:17] [mod.started] dns.spoof
192.168.1.0/24 > 192.168.1.202 » [22:19:18] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:19:19] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » [22:19:20] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » quit[22:19:21] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
192.168.1.0/24 > 192.168.1.202 » quit
[22:19:22] [mod.stopped] arp.spoof
[22:19:22] [sys.log] [inf] waiting for ARP spoofer to stop ...
[22:19:22] [sys.log] [inf] restoring ARP cache of 1 targets.
[22:19:22] [sys.log] [dbg] Sending 60 bytes of ARP packet to 192.168.1.137:4c:cc:6a:d0:17:5e.
[22:19:22] [mod.stopped] dns.spoof
[22:19:22] [mod.stopped] events.stream
Stopping modules and cleaning session state ...
The text was updated successfully, but these errors were encountered:
When I change dns.spoof.domains with set dns.spoof.domains and run dns.spoof on it works flawlessly. The problem arises when I try to change the domain to another one by running dns.spoof off and then subsequently run set dns.spoof.domains and then restart dns.spoof by going dns.spoof on. It will reply with
[22:08:53] [sys.log] [inf] [dns.spoof] <thedomainhere> -> 192.168.1.202 [22:08:53] [sys.log] [inf] [dns.spoof] <anotherdomainhere> -> 192.168.1.202
this is not the behavior I want it should remove the previous domain.Environment
Please provide:
DEBUG OUTPUT
The text was updated successfully, but these errors were encountered: