This article serves as a foundation for my next article, “Advanced Level Facebook Phishing”, so I recommend reading it thoroughly and trying to understand how this works. This tutorial explains how DNS hijacking works: we will hijack a domain so that when you type ‘www.google.com’ you are redirected to ‘www.facebook.com’. But before that, let’s take a look at how all this started.
Well, we all know that domain names make it easy for web users to remember websites, as they replace the lengthy, complicated static IP address of a website with a simple name.
Confused…??? What does that really mean?
Here is what I mean in simple words. Every device connected to the internet is given an IP address (a 32-bit binary number for IPv4, or 128 bits written in hex for IPv6), which serves as its address so that computers can communicate with one another. Generally, users connecting to the internet are given a dynamic IP address, i.e. each time they reconnect they may be allotted a new one. Computers that act as web servers for websites, however, are allotted a static IP address provided by the ISP; unlike a dynamic address, a static one persists. For an average user it would be very difficult to remember the IP addresses corresponding to their favourite websites, so a “domain name”, which reads as a name, was given to each IP address.
For example, “www.facebook.com” serves as a domain name for IP address “18.104.22.168”. This makes it very easy to remember the web address.
In the early days, users had to download a file called “HOSTS.TXT” from the servers of the Stanford Research Institute; it contained the list of domain names and their respective IP addresses. Users therefore had to download the hosts file every time they connected to the internet in order to have an up-to-date list of names.
There was a major security problem with this kind of system: anyone with basic knowledge of manipulating files could easily alter the victim’s hosts file with the help of malware, landing the victim on whatever page the attacker wanted. An executable the attacker had set up on that page would then be launched. This attack was named domain name hijacking.
To defend against such attacks, “name servers” were introduced to implement the “Domain Name System (DNS)”; these were also known as DNS servers. They were put up in 1983 to replace the hosts file and to make web access through domain names more robust.
That was the history; now let’s get to the real task: making the browser redirect to Facebook when we type google.com in the address bar. Before moving forward, note that the older mechanism, the HOSTS file that maps a name to a particular IP address, still works today. Traditionally, the HOSTS file in Windows is located at C:/Windows/System32/drivers/etc/hosts, and on Unix systems at /etc/hosts. That means you can edit your own hosts file so that typing google.com in the browser address bar takes you to Facebook.
All you have to do is find the IP address of Facebook by pinging it from the command prompt, and then place that address in the hosts file next to the name www.google.com.
Obtaining Facebook IP address:
- Make sure you have an internet connection and then open ‘Command Prompt’.
- Type ‘ping www.facebook.com’
- Note the IP address as depicted in the image below.
Manipulating ‘hosts’ file:
- Grant yourself permission to modify the file: right-click the file, go to ‘Properties’ > ‘Security’ tab > tick ‘Full Control’ for all users > click ‘OK’. Or just follow as shown below.
UNIX users do not need to change any permissions on the file; it can be opened in gedit or vim using the sudo command.
- Open the ‘hosts’ file located at C:/Windows/System32/drivers/etc/hosts in Notepad or another text editor.
- For UNIX users, the command is ‘sudo gedit /etc/hosts’ (to edit the file in the gedit editor).
- Add the line below at the end of the file and save the file.
Now open your browser and type ‘www.google.com’; you will notice that you are redirected to ‘www.facebook.com’.
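The same mechanism is what a defender checks for when auditing a machine. As an added example (not code from the original post), here is a small Python auditor for the hosts file described above: it parses the file’s syntax (comments, tabs, several names per line) and flags any entry that pins a well-known domain to an address other than loopback or the 0.0.0.0 blackhole that ad-blocking hosts files use. The watch-list of domains and the sample hosts text are constructed for the demonstration; the sample’s last line is the kind of override this tutorial creates.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample hosts file (not taken from a real machine). The last line
# maps a public domain to a different site's address, exactly the override the
# tutorial above builds (18.104.22.168 is the address the post quotes).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.10    fileserver.lan   nas       # home NAS, legitimate
18.104.22.168   www.google.com google.com
"""

# Hypothetical watch-list: domains no hosts file should normally redirect.
WATCHED_SUFFIXES = ("google.com", "facebook.com", "paypal.com", "microsoft.com")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; strips comments, tolerates tabs/blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)             # skip malformed address fields
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def is_watched(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def is_blackhole(ip: str) -> bool:
    """127.x / ::1 and 0.0.0.0 are benign: used for local services and ad blocking."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text: str) -> List[Tuple[str, str]]:
    """Entries that pin a watched domain to a real (non-blackhole) address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if is_watched(name) and not is_blackhole(ip)]


if __name__ == "__main__":
    for ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"suspicious override: {name} -> {ip}")
```

To audit a real system, read C:/Windows/System32/drivers/etc/hosts or /etc/hosts into `find_hijacks` instead of `SAMPLE_HOSTS`.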