Hacker News new | past | comments | ask | show | jobs | submit login

How did you get clients to use your DNS server? Was it on a network where you controlled the router, or did you set up a WiFi base station that folks blindly connected to in public, or some other way?

I'm pretty sure you could do it with just ARP spoofing/poisoning (https://en.wikipedia.org/wiki/ARP_spoofing). No need to control any other node on the network.

Yes, I did it on my own network at the router level as a proof-of-concept. I didn't actually use it on other people, but the idea is that a malicious public network operator could do so and effectively install keyloggers on dozens of people per day.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact