While performing an internal penetration test you have already positioned yourself as a man-in-the-middle by carrying out ARP poisoning between employee workstations and the default gateway on a switched network. You now want every query for any internal host ending in ".corp.local" to resolve to the IP address 10.10.10.200 so users are silently redirected to your rogue web server, without altering the organization's DNS infrastructure. Which built-in Ettercap plugin should you enable to perform this real-time DNS poisoning on the fly?
Enable the autoadd plugin to automatically add *.corp.local queries to the target list for capture.
Activate the remote_browser plugin to relay requested URLs to your system and modify them on the fly.
Load the dns_spoof plugin and supply an edited etter.dns file that maps *.corp.local to 10.10.10.200.
Use the grep plugin to search for *.corp.local in DNS traffic and respond with forged answers manually.
Ettercap includes several loadable plugins that can be activated once an ARP poisoning session is in place. The plugin named dns_spoof monitors intercepted DNS request packets, matches them against entries placed in the attacker's local etter.dns file, and then forges spoofed DNS responses that map the targeted hostnames to an IP address chosen by the attacker. Because the forged reply is injected directly on the wire from the man-in-the-middle position, no changes to the victim's configured DNS server are required. Other plugins such as autoadd (which just adds hosts to the target list), remote_browser (which opens captured URLs in the attacker's browser), and grep (which searches packets for strings) do not craft or inject spoofed DNS answers, so they would not achieve the objective.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP poisoning and how does it work?
Open an interactive chat with Bash
What role does the `etter.dns` file play in DNS spoofing?
Open an interactive chat with Bash
What is the dns_spoof plugin and how does it differ from other Ettercap plugins?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .