############################################################################ # # # ettercap -- etter.dns -- host file for dns_spoof plugin # # # # Copyright (C) ALoR & NaGA # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # # ############################################################################ # # # Sample hosts file for dns_spoof plugin # # # # the format is (for A query): # # www.myhostname.com A 168.11.22.33 # # *.foo.com A 168.44.55.66 # # # # ... for a AAAA query (same hostname allowed): # # www.myhostname.com AAAA 2001:db8::1 # # *.foo.com AAAA 2001:db8::2 # # # # or to skip a protocol family (useful with dual-stack): # # www.hotmail.com AAAA :: # # www.yahoo.com A 0.0.0.0 # # # # or for PTR query: # # www.bar.com PTR 10.0.0.10 # # www.google.com PTR ::1 # # # # or for MX query (either IPv4 or IPv6): # # domain.com MX xxx.xxx.xxx.xxx # # domain2.com MX xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx # # domain3.com MX xxxx:xxxx::y # # # # or for WINS query: # # workgroup WINS 127.0.0.1 # # PC* WINS 127.0.0.1 # # # # or for SRV query (either IPv4 or IPv6): # # service._tcp|_udp.domain SRV 192.168.1.10:port # # service._tcp|_udp.domain SRV [2001:db8::3]:port # # # # NOTE: the wildcarded hosts can't be used to poison the PTR requests # # so if you want to reverse poison you have to specify a plain # # host. (look at the www.microsoft.com example) # # # ############################################################################ ################################ # microsoft sucks ;) # redirect it to www.linux.org # microsoft.com A 198.182.196.56 *.microsoft.com A 198.182.196.56 www.microsoft.com PTR 198.182.196.56 # Wildcards in PTR are not allowed ########################################## # no one out there can have our domains... # www.alor.org A 127.0.0.1 www.naga.org A 127.0.0.1 www.naga.org AAAA 2001:db8::2 ########################################## # dual stack enabled hosts does not make life easy # force them back to single stack www.ietf.org A 127.0.0.1 www.ietf.org AAAA :: www.example.org A 0.0.0.0 www.example.org AAAA ::1 ############################################### # one day we will have our ettercap.org domain # www.ettercap.org A 127.0.0.1 www.ettercap-project.org A 127.0.0.1 ettercap.sourceforge.net A 216.136.171.201 www.ettercap.org PTR ::1 ############################################### # some MX examples # alor.org MX 127.0.0.1 naga.org MX 127.0.0.1 example.org MX 127.0.0.2 microsoft.com MX 2001:db8::1ce:c01d:bee3 ############################################### # This messes up NetBIOS clients using DNS # resolutions. I.e. Windows/Samba file sharing. # LAB-PC* WINS 127.0.0.1 ############################################### # some service discovery examples xmpp-server._tcp.jabber.org SRV 192.168.1.10:5269 ldap._udp.mynet.com SRV [2001:db8:c001:beef::1]:389 # vim:ts=8:noexpandtab