Replies to DNS queries with spoofed responses.

In order to receive DNS queries from other hosts other than your own and be therefore able to spoof the selected domain names, you’ll also need to activate either the arp.spoof or the dhcp6.spoof module.


dns.spoof on

Start the DNS spoofer in the background.

dns.spoof off

Stop the DNS spoofer in the background.


parameter default description
dns.spoof.domains Comma separated values of domain names to spoof.
dns.spoof.address <interface address> IP address to map the domains to.
dns.spoof.all false If true the module will reply to every DNS request, otherwise it will only reply to the one targeting the local pc.
dns.spoof.hosts If not empty, this hosts file will be used to map domains to IP addresses.


Every DNS request coming to this computer for the example.com domain will resolve to the address

> set dns.spoof.domains example.com; set dns.spoof.address; dns.spoof on

Use a hosts file instead of the dns.spoof.* parameters for multiple mappings:

> !cat ./dns.spoof.hosts facebook.com cnn.com www.google.com

> set dns.spoof.hosts ./dns.spoof.hosts; dns.spoof on