Your DNS requests could be hacked and data can be captured

[Screenshot: dnsattacknowproxy]

A screenshot from the following YouTube video (below), by Leonardo Nve:

This is an instructive video on how DNS can be hacked and attacked. If the attack succeeds, it lets an attacker's proxy system embed itself into the web traffic of the company.

Notice that the evil proxy server places itself in your DNS traffic (using the methods described in the early part of the video) with Metasploit, DNSMasq, and a BIND server.

Then an invisible proxy is set up using Burp Suite, mitmproxy, or SSLstrip; HTML injection is done with BeEF and exploit kits; traffic is bounced to known servers with SSLsplit; or a fake web server is set up by defacing or phishing.

The proxy can sniff data and capture network traffic, especially traffic that is not encrypted.

If the attacker does not want to be detected, then the following need to be kept in mind:

He (Leonardo) also discusses HSTS (HTTP Strict Transport Security), which he mentions as a non-critical item with regard to the attacker being found out.

An SSH signature failure could be a critical problem, especially a banner problem, since it produces obvious errors if the user is attempting to view the attack.

Limitations of this method: limited host interceptions, the time needed to study the IP communication matters, and limited clear-text procedures.

 

How is he attacking? By using the DNS features of high availability and load balancing.

For example, he shows a sample Google request, which can go to 5 DNS systems.

The victim requests a server IP from the router.

The router sends a fake DNS server IP.

The victim's DNS A request goes through an attacker proxy, and the attacker's proxy server forwards the name to the real DNS server.

The real DNS server sends the correct response with the real server's IP address.
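The exchange above has two observable signs on the defender's side: the reply arrives from a DNS server that is not one of the organisation's approved resolvers (the rogue secondary), and, in the variant where the proxy rewrites answers, the A record disagrees with what a trusted resolver returns. The script below is an added example, not code from the video or from the dns2proxy project; it parses DNS A responses from the wire format and audits them against an approved-resolver list and a reference answer. All resolver addresses, hostnames and messages are constructed placeholders.

```python
"""Audit captured DNS A replies for the two signs of a rogue DNS proxy:
an unapproved source server and answers that differ from a trusted resolver.
Every address and message here is constructed for this example."""
import struct
from typing import Dict, List, Tuple

# Assumed: the organisation's real resolvers (RFC 5737 documentation range).
APPROVED_RESOLVERS = {"192.0.2.53"}


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname into DNS label wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(txid: int, name: str, ips: List[str]) -> bytes:
    """Build a minimal DNS response: one question, one A answer per IP.
    Answers use a compression pointer (0xC00C) back to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    answers = b""
    for ip in ips:
        rdata = bytes(int(octet) for octet in ip.split("."))
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answers


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def parse_a_answers(msg: bytes) -> Tuple[int, str, List[str]]:
    """Return (transaction id, query name, A record IPs) from a DNS response."""
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, qname = 12, ""
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        offset += 4  # skip qtype + qclass
    ips = []
    for _ in range(ancount):
        _, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[offset:offset + 4]))
        offset += rdlen
    return txid, qname, ips


def audit_responses(observed: Dict[str, bytes], reference_ips: List[str]) -> List[str]:
    """observed maps each reply's source server IP to the raw DNS message.
    reference_ips are the A records obtained out of band from a trusted resolver.
    Returns human-readable findings; an empty list means nothing suspicious."""
    findings = []
    for server, msg in observed.items():
        _txid, qname, ips = parse_a_answers(msg)
        if server not in APPROVED_RESOLVERS:
            findings.append(f"reply for {qname} came from unapproved DNS server {server}")
        if sorted(ips) != sorted(reference_ips):
            findings.append(f"{server} answered {qname} with {ips}; reference says {reference_ips}")
    return findings


# Constructed scenario: the approved resolver returns the real address, while a
# rogue secondary resolver (198.51.100.9, placeholder) points the name at itself.
REAL_IP = ["203.0.113.10"]
SAMPLE_REPLIES = {
    "192.0.2.53": build_a_response(0x1234, "www.example.com", REAL_IP),
    "198.51.100.9": build_a_response(0x1234, "www.example.com", ["198.51.100.9"]),
}

if __name__ == "__main__":
    for finding in audit_responses(SAMPLE_REPLIES, REAL_IP):
        print("ALERT:", finding)
```

In practice the `observed` map would be filled from a packet capture on the client network, and `reference_ips` from a resolver reached over a path the router cannot influence; the allow-list check catches the secondary-server insertion even when the proxy forwards the real answer unchanged.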

At this point Burp Suite is fired up and set up as an invisible proxy (this is how one can sniff the network traffic).

[Screenshot: dnsimproveattack]

This is not an easy hack, but it can be done if one can add the attacking DNS server to the initial router requests or modify the DNS tables to add the attacking server as a secondary server.

His tool is at https://github.com/LeonardoNve/dns2proxy
