Faiyaz Ahmad
3 min readJul 19, 2022

This article was originally published at BePractical

Learn everything about dns spoof attack from basics to advanced


Hi everyone! Suppose you are in your WiFi network and trying to book a movie ticket online. You opened the website there is no sign of phishing and everything seems nice. You buy your ticket as usual and nothing seems to happen. Then after sometime, you noticed that your ticket was not booked but your money gets deducted from the bank account. In frustration, you contacted the customer support regarding this issue but they told you that they didn’t receive the money. Guess what? You are hacked by someone in your network. You might be thinking “I have make sure that i was visiting the actual website. The domain name was same as that of the cinema hall’s website. I have taken every countermeasures to make sure that the website i was visiting is not phishing. Did someone hack into my laptop?” Well, no one have hacked into your computer(Not yet). Basically, they were able to conduct a successful man in the middle attack resulting in the compromise of your credit card. Using man in the middle attack, they were able to perform dns spoofing attack. Therefore, it seems that you have visited the actual website but it is not the case. You are visiting the website hosted on attacker’s machine. Let us try to understand the figure below for more clarity:

Now i think you understood what actually happened. When you tried to visit the cinema hall’s website, then you actually visited the attacker’s controlled website because of the fake entry attacker added in the DNS.

Annonucement: If you want to learn how hackers hack millions of accounts on a website, Then i recommend you to check out this beginner friendly course which will teach you how to perform account takeovers in real world websites.

What is DNS?

DNS stands for Domain Name Server. Basically every server have their ip address. DNS is used to point a domain name to their belonged ip address since it is very difficult for us to type ip address of every website on the internet. For example, if you type google.com in your browser then it will resolve to the google’s ip address. This is the simplest explanation of DNS. For more depth, you can check this article.

What is DNS Spoof Attack?

In simple terms, DNS Spoof Attack or DNS Spoofing attack is a type of man in the middle attack where the attacker was able to embed a fake DNS entry in the network. As a result instead of pointing to google’s ip address you will be redirected to the attacker’s controlled webpage without your knowledge. Although most modern browsers have some security protection feature that detects dns spoofing attacks, it is still possible for an attacker to successfully conduct this attack.

In 2006, unknown hackers carried out a major DNS spoofing attack — the first of its kind — against three local banks in Florida. The attackers hacked the servers of the internet provider that hosted all three websites and redirected traffic to fake login pages designed to collect sensitive data from unsuspecting victims. This allowed them to collect an undisclosed number of credit card numbers and PINs, along with other personal information belonging to their owners!

How to perform DNS Spoof Attack?

Note: You need to have Kali Linux installed in your computer.


I hope you all understood about dns spoofing attack in depth. Please note that many websites like Facebook, Instagram etc are secured from man in the middle attacks. It is because they only allow connections from https protocol. Since most of the man in the middle attack works on http protocol, therefore attacking these websites through man in the middle attack is quite difficult.

Let me know if you have any doubts of issues in the comment section.

Join Our Telegram Channel: https://telegram.me/bepracticaltech

YouTube Channel: https://www.youtube.com/channel/UCrbJ0ju-gv7ZIxA5fwE_0IQ

Check out our cybersecurity section over here.