Phishing vs DNS Poisoning / Spoofing
Today I am going to explain about another cool experiment done by me. That is a DNS Poisoning (or Spoofing) attack. So let's start, Before the start I like to compare the Phishing attack and the DNS Poisoning attack. As we know Phishing is a well known method armed with Social Engineering to steal sensitive information by using bait (Compromised URL or Link). In the DNS Poisoning, the process is likely same, but not exactly the same. When we are talking about Phishing web pages there is a main weak point, Phishing web pages can not serve under genuine domain addresses, (There are methods by using Cross-site Scripting but I am not going to talk about that.) but when talking about DNS Poisoning, hackers can serve malicious web pages under genuine domain addresses. So that is very hard to identify these kind of attacks. Image Reference: https://www.imperva.com/learn/application-security/dns-spoofing/ Now I am going to talk about how to perform these kind of attacks. To