Effectively change the hosts file of your iPhone, iPad or Android with ettercap
Based on “Test web apps on iOS by DNS spoofing your LAN with Ettercap” by Henrique Barosso. Modified to work on a Mac running OS X.
To access a website or service that uses a virtual host but isn’t in DNS, you need to add it to the hosts file of the machine you’re using for testing.
Unfortunately, you can’t edit the hosts file of a (non-jailbroken) iPhone or iPad. This makes testing difficult.
As a work around, we’re going to use ARP spoofing to intercept DNS requests from your iPhone or iPad and respond to those requests with the IP address of your virtual server.
So, if accessing your development environment requires a hosts file entry like
192.254.12.1 devserver.mysite.com
then this process will let you tell your iPhone or iPad to resolve devserver.mysite.com in the same way.
A few things to keep in mind before you do this:
- you need to have
sudoon your Mac - your iPhone or iPad and Mac need to be on the same WiFi network, and
- you can do a lot of evil, evil things by ARP spoofing on a public network; do not do this, it’s illegal
With that said, to get this going:
-
Install
ettercap. I recommend using homebrew to manage linux ports on your Mac:% brew install ettercap -
Find the IP address of the device (iPhone or iPad) you’d like to test with. On iOS 7 you can see your phone’s IP address by navigating to Settings > Wi-Fi > Wireless Network Name . Let’s say it’s
192.168.1.105. -
Turn of WiFi on the device you want to test with; this will clear its ARP cache.
-
Edit
/usr/local/etc/ettercap/etter.dnsand add an entry for the virtual server you would like to test, e.g.# Websites for testing devserver.mysite.com A 192.254.12.1 -
Enable the firewall and IP forwarding:
% sudo sysctl -w net.inet.ip.forwarding=1 % sudo sysctl -w net.inet.ip.fw.enable=1 -
Start
ettercapand activate thedns_spoofplugin:% sudo ettercap -i en1 -T -q -M ARP:remote -P dns_spoof /192.168.1.105/ //Remember to replace
192.168.1.105with the IP address of your phone or tablet. -
Turn WiFi back on on your device.
If everything worked properly, you should see some output from ettercap, letting you know that it’s intercepted an ARP request on your device.
% sudo ettercap -i en1 -T -q -M ARP:remote -P dns_spoof /192.168.1.101/ // Password: ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team Listening on: en1 -> XX:XX:XX... SSL dissection needs a valid 'redir_command_on' script in the etter.conf file Privileges dropped to UID 65534 GID 65534... 33 plugins 42 protocol dissectors 57 ports monitored 16074 mac vendor fingerprint 1766 tcp OS fingerprint 2182 known services Randomizing 255 hosts for scanning... Scanning the whole netmask for 255 hosts... * |==================================================>| 100.00 % Scanning for merged targets (1 hosts)... * |==================================================>| 100.00 % 7 hosts added to the hosts list... ARP poisoning victims: GROUP 1 : 192.168.1.101 CC:XX:XX:XX:XX GROUP 2 : ANY (all the hosts in the list) Starting Unified sniffing... Text only Interface activated... Hit 'h' for inline help Activating dns_spoof plugin... dns_spoof: [devserver.mysite.com] spoofed to [192.254.12.1] -
Try navigating to
devserver.mysite.comon your device. If it doesn’t work, then try turning your WiFi on and off again to flush the ARP cache. -
Once you’re done testing, press
qto exit ettercap.
That’s it! If you have questions, concerns, or enhancement suggestions please let me know on twitter (@josephby) or join the conversation on Hacker News.