/etc/ettercap/etter.dns is in ettercap-common 1:0.8.2-10build4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 | ############################################################################
# #
# ettercap -- etter.dns -- host file for dns_spoof plugin #
# #
# Copyright (C) ALoR & NaGA #
# #
# This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
############################################################################
# #
# Sample hosts file for dns_spoof plugin #
# #
# the format is (for A query): #
# www.myhostname.com A 168.11.22.33 #
# *.foo.com A 168.44.55.66 #
# #
# ... for a AAAA query (same hostname allowed): #
# www.myhostname.com AAAA 2001:db8::1 #
# *.foo.com AAAA 2001:db8::2 #
# #
# or to skip a protocol family (useful with dual-stack): #
# www.hotmail.com AAAA :: #
# www.yahoo.com A 0.0.0.0 #
# #
# or for PTR query: #
# www.bar.com PTR 10.0.0.10 #
# www.google.com PTR ::1 #
# #
# or for MX query (either IPv4 or IPv6): #
# domain.com MX xxx.xxx.xxx.xxx #
# domain2.com MX xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx #
# domain3.com MX xxxx:xxxx::y #
# #
# or for WINS query: #
# workgroup WINS 127.0.0.1 #
# PC* WINS 127.0.0.1 #
# #
# or for SRV query (either IPv4 or IPv6): #
# service._tcp|_udp.domain SRV 192.168.1.10:port #
# service._tcp|_udp.domain SRV [2001:db8::3]:port #
# #
# or for TXT query (value must be wrapped in double quotes): #
# google.com TXT "v=spf1 ip4:192.168.0.3/32 ~all" #
# #
# NOTE: the wildcarded hosts can't be used to poison the PTR requests #
# so if you want to reverse poison you have to specify a plain #
# host. (look at the www.microsoft.com example) #
# #
############################################################################
################################
# microsoft sucks ;)
# redirect it to www.linux.org
#
microsoft.com A 107.170.40.56
*.microsoft.com A 107.170.40.56
www.microsoft.com PTR 107.170.40.56 # Wildcards in PTR are not allowed
##########################################
# no one out there can have our domains...
#
www.alor.org A 127.0.0.1
www.naga.org A 127.0.0.1
www.naga.org AAAA 2001:db8::2
##########################################
# dual stack enabled hosts does not make life easy
# force them back to single stack
www.ietf.org A 127.0.0.1
www.ietf.org AAAA ::
www.example.org A 0.0.0.0
www.example.org AAAA ::1
###############################################
# one day we will have our ettercap.org domain
#
www.ettercap.org A 127.0.0.1
www.ettercap-project.org A 127.0.0.1
ettercap.sourceforge.net A 23.235.43.133
www.ettercap.org PTR ::1
###############################################
# some MX examples
#
alor.org MX 127.0.0.1
naga.org MX 127.0.0.1
example.org MX 127.0.0.2
microsoft.com MX 2001:db8::1ce:c01d:bee3
###############################################
# This messes up NetBIOS clients using DNS
# resolutions. I.e. Windows/Samba file sharing.
#
LAB-PC* WINS 127.0.0.1
###############################################
# some service discovery examples
xmpp-server._tcp.jabber.org SRV 192.168.1.10:5269
ldap._udp.mynet.com SRV [2001:db8:c001:beef::1]:389
###############################################
# little example for TXT records
#
naga.org TXT "v=spf1 ip4:192.168.1.2 ip6:2001:db8:d0b1:beef::2 -all"
# vim:ts=8:noexpandtab
|