Spoofing involves faking a real identity to trick the authenticator and gain unauthorized access or sensitive information. Some common spoofing techniques discussed in the document include email spoofing, caller ID spoofing, IP address spoofing, MAC address spoofing, GPS spoofing, and DNS spoofing. The document provides examples of each technique and notes some sites that can be used to conduct spoofing, as well as potential safeguards and laws related to certain spoofing methods.
1. Spoofing attack
THE ART OF HOAXING OR TRICKING SOMEONE
CALL, SMS, EMAIL, IP, MAC & DNS Spoofing
Hacking and penetration testing tutorial
PANKAJ DUBEY
Sr. QA Engineer
pankajdubeyk@gmail.com
http://PRELRIK.COM
http://youtube.com/c/prelrik
2. What is spoofing
● Spoofing is the art of faking a real identity
● The main purpose is to trick the authenticator into releasing sensitive information or to gain unauthorized access
● Ex - An attacker can register a domain like faceb00k.com to make a URL that looks similar to facebook.com; they can also get a copy of the original site using web mirroring tools.
“In the context of computer security, a spoofing attack is an
attack in which one person or program successfully acts as
another by falsifying data, thereby gaining an illegitimate
advantage.”
3. An Example - CEO CFO frauds
“CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name.”
● In the first point, the attacker spoofs the email ID of the CEO
● In the second point, the attacker spoofs the cell number to make a fake call or SMS
● According to an FBI report, US companies lost 2.3 billion dollars from Oct 2013 to Feb 2016 due to CEO fraud attacks
4. What can be spoofed?
● Website
● Email ID
● Caller ID
● IP Address
● MAC Address
● GPS location
● DNS
● Call, SMS
5. Website spoofing
“Website spoofing is creating a hoax copy of the original website to mislead the real website users.”
● It requires a similar URL and the same design as the original site
● http://000webhost.com is a free hosting service provider
● http://freenom.com is a site to get similar domains for free
● This technique is also known as URL SPOOFING
● Web mirroring software or websites allow us to download a website to a local directory with the same design; just write your function to get what you want.
Tools - HTTRACK WEBSITE COPIER, Surf-offline
6. Email spoofing
“Email spoofing is the sending of emails with a forged sender, where the sender’s email ID looks the same or similar but in reality is a fake.”
● The famous CEO CFO frauds are usually done using this technique
● http://emkei.cz is a site that can be used for email spoofing
● Email spoofing mainly requires a similar-looking domain name
7. Safeguards against email spoofing
● It’s strongly recommended that pen testers check that service provider sites don’t open inside a company
● Never download any file from an untrusted sender’s email ID or click on the URL mentioned.
● Always check and ensure that the sender’s email ID is correct. Look at the spellings.
● In case you have downloaded any suspicious file, never enable macros if asked.
8. Caller ID spoofing
“Call spoofing is a technique of making a call or SMS with a fake
caller ID to pretend to be someone else.”
● Caller ID spoofing is done to hide the real identity of the caller
● http://crazycall.net and www.spooftel.com are some sites used for call spoofing
● Caller ID can be spoofed for both calls and messages
● http://spoofcard.com is a site used for SMS spoofing
9. Laws of Land for Caller ID spoofing
USA - Legally allowed, as long as no fraud is committed
UK - Spoofed numbers are allocated to a third party and, in some cases, individuals; it can be done with the third party’s permission
INDIA - Caller ID spoofing is illegal here and all service-providing sites are usually blocked
CANADA - It’s legal and allowed in Canada
10. IP address spoofing (1/2)
“IP spoofing is a technique of masking the real IP of a computer with a fake IP while interacting on the World Wide Web.”
● It’s a major threat where IP-based authentication is allowed.
● IP, or Internet Protocol, is the basic protocol for communication over the internet, where each data packet must have an associated IP of the sender. In this case the user tampers with the IP address associated with the data packet.
● IP spoofing is widely used in DoS (Denial of Service) attacks to hide the real sender’s IP
11. IP address spoofing (2/2)
● Spoofed IP packets are also used in performance testing of websites, where hundreds or even thousands of virtual users may be created, each executing a test script against the website under test, in order to simulate what will happen when the system goes "live" and a large number of users log on at once.
● Since each user will normally have its own IP address, commercial testing products (such as HP LoadRunner, WebLOAD, and others) can use IP spoofing, allowing each user its own "return address" as well.
● Any service that uses IP address authentication
12. Penetration testing against IP spoofing
● Packet filtering is one defense against IP spoofing attacks.
● Ingress filtering is a technique used to ensure that incoming packets are actually from the networks from which they claim to originate.
● This can be used as a countermeasure against various spoofing attacks where the attacker's packets contain fake IP addresses to make it difficult to find the source of the attack.
● Source address spoofing is often used in denial-of-service attacks, and this is a primary target of ingress filtering.
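The ingress-filtering decision described above, modelled as an added Python example that is not part of the original slides. The interface names, address prefixes and packets are constructed; a real router applies the same logic with ACLs or reverse-path checks rather than a script.

```python
import ipaddress

# Constructed edge-router view: prefixes assigned to each customer-facing port.
CUSTOMER_PREFIXES = {
    "cust-a": ["198.51.100.0/25"],
    "cust-b": ["198.51.100.128/25", "2001:db8:b::/48"],
}
UPLINK = "uplink"                                  # Internet-facing port (assumed name)
INTERNAL = ["198.51.100.0/24", "2001:db8::/32"]    # our own address space
# Sources that must never arrive from the Internet (subset of special-use ranges).
MARTIANS = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
            "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", "::1/128", "fe80::/10"]


def _covered(ip, prefixes):
    """True if ip falls inside any prefix (address families never cross-match)."""
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def ingress_verdict(iface, src):
    """Return (action, reason) for a packet arriving on iface with source src."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    if iface in CUSTOMER_PREFIXES:
        if _covered(ip, CUSTOMER_PREFIXES[iface]):
            return ("accept", "source assigned to this port")
        return ("drop", "source not assigned to this port")
    if iface == UPLINK:
        if _covered(ip, MARTIANS):
            return ("drop", "special-use source from outside")
        if _covered(ip, INTERNAL):
            return ("drop", "own prefix arriving from outside")
        return ("accept", "plausible external source")
    return ("drop", "unknown interface")


# Constructed packets: (ingress interface, claimed source address).
PACKETS = [
    ("cust-a", "198.51.100.10"),    # legitimate customer traffic
    ("cust-a", "198.51.100.200"),   # cust-a claiming cust-b's address
    ("cust-b", "2001:db8:b::5"),    # legitimate IPv6 customer traffic
    ("uplink", "10.1.2.3"),         # private source arriving from the Internet
    ("uplink", "198.51.100.7"),     # our own prefix arriving from outside
    ("uplink", "192.0.2.44"),       # external source, passes the filter
]


def dropped(packets):
    """List the packets the filter would discard."""
    return [(i, s) for i, s in packets if ingress_verdict(i, s)[0] == "drop"]
```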
13. MAC spoofing
“MAC spoofing is a technique for changing a factory-assigned Media Access
Control (MAC) address of a network interface on a networked device”
● MAC address spoofing is not illegal, but its practice has caused controversy in some cases
● Changing the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another network device.
14. GPS spoofing
“A GPS spoofing attack attempts to trick a GPS receiver by broadcasting incorrect GPS signals, structured to resemble a set of normal GPS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time.”
● The signal can cause the receiver to report a position chosen by the attacker that is
somewhere other than where the receiver actually is
● It has been suggested that the capture of a Lockheed RQ-170 drone aircraft in
northeastern Iran in December, 2011 was the result of such an attack
15. DNS spoofing
“DNS spoofing, also referred to as DNS cache poisoning, is a form of computer
security hacking in which corrupt Domain Name System data is introduced into
the DNS resolver’s cache, causing the name server to return an incorrect IP
address. This results in traffic being diverted to the attacker's computer.”
DNS Spoofing can be done by:
● Compromising the DNS server
● Man-in-the-middle attack
● Mounting a DNS poisoning attack
● DNS cache poisoning is one way to do DNS spoofing