This file is indexed.

/etc/ettercap/etter.dns is in ettercap-common 1:0.8.1-3+deb8u1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
############################################################################
#                                                                          #
#  ettercap -- etter.dns -- host file for dns_spoof plugin                 #
#                                                                          #
#  Copyright (C) ALoR & NaGA                                               #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################
#                                                                          #
# Sample hosts file for dns_spoof plugin                                   #
#                                                                          #
# the format is (for A query):                                             #
#   www.myhostname.com A 168.11.22.33                                      #
#   *.foo.com          A 168.44.55.66                                      #
#                                                                          #
# ... for a AAAA query (same hostname allowed):                            #
#   www.myhostname.com AAAA 2001:db8::1                                    #
#   *.foo.com          AAAA 2001:db8::2                                    #
#                                                                          #
# or to skip a protocol family (useful with dual-stack):                   #
#   www.hotmail.com    AAAA ::                                             #
#   www.yahoo.com      A    0.0.0.0                                        #
#                                                                          #
# or for PTR query:                                                        #
#   www.bar.com    PTR 10.0.0.10                                           #
#   www.google.com PTR ::1                                                 #
#                                                                          #
# or for MX query (either IPv4 or IPv6):                                   #
#    domain.com MX xxx.xxx.xxx.xxx                                         #
#    domain2.com MX xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx                #
#    domain3.com MX xxxx:xxxx::y                                           #
#                                                                          #
# or for WINS query:                                                       #
#    workgroup WINS 127.0.0.1                                              #
#    PC*       WINS 127.0.0.1                                              #
#                                                                          #
# or for SRV query (either IPv4 or IPv6):                                  #
#    service._tcp|_udp.domain SRV 192.168.1.10:port                        #
#    service._tcp|_udp.domain SRV [2001:db8::3]:port                       #
#                                                                          #
# NOTE: the wildcarded hosts can't be used to poison the PTR requests      #
#       so if you want to reverse poison you have to specify a plain       #
#       host. (look at the www.microsoft.com example)                      #
#                                                                          #
############################################################################

################################
# microsoft sucks ;)
# redirect it to www.linux.org
#

microsoft.com      A   209.92.24.80
*.microsoft.com    A   209.92.24.80
www.microsoft.com  PTR 209.92.24.80      # Wildcards in PTR are not allowed

##########################################
# no one out there can have our domains...
#

www.alor.org  A 127.0.0.1
www.naga.org  A 127.0.0.1
www.naga.org  AAAA 2001:db8::2

##########################################
# dual stack enabled hosts does not make life easy
# force them back to single stack 

www.ietf.org   A    127.0.0.1
www.ietf.org   AAAA ::

www.example.org  A    0.0.0.0
www.example.org  AAAA ::1

###############################################
# one day we will have our ettercap.org domain
#

www.ettercap.org           A  127.0.0.1
www.ettercap-project.org   A  127.0.0.1
ettercap.sourceforge.net   A  216.136.171.201
www.ettercap.org           PTR ::1

###############################################
# some MX examples
#

alor.org   MX  127.0.0.1
naga.org   MX  127.0.0.1
example.org MX 127.0.0.2
microsoft.com MX 2001:db8::1ce:c01d:bee3

###############################################
# This messes up NetBIOS clients using DNS
# resolutions. I.e. Windows/Samba file sharing.
#

LAB-PC*  WINS  127.0.0.1

###############################################
# some service discovery examples

xmpp-server._tcp.jabber.org SRV 192.168.1.10:5269     
ldap._udp.mynet.com SRV [2001:db8:c001:beef::1]:389   


# vim:ts=8:noexpandtab