What is Spoofing? Spoofing Techniques and Tutorials


Feb 27, 2019
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

Or Simply,

Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.Spoofing is most prevalent in communication mechanisms that lack a high level of security.

How Spoofing Works?

Spoofing can be applied to a number of communication methods and employ various levels of technical know-how. Spoofing can be used carry out phishing attacks, which are scams to gain sensitive information from individuals or organizations.

DHCP Starvation Attack

Another type of network attack which is targeted to DHCP servers is known as DHCP starvation attack.In a DHCP starvation attack,an attacker broadcasts large number of DHCP REQUEST messages with spoofed source MAC addresses.If the legitimate DHCP Server in the network start responding to all these bogus DHCP REQUESTmessages,available IP Addresses in the DHCP server scope will be depleted within a very short span of time.

Types of Spoofing

  1. Caller ID Spoofing
  2. Website Spoofing
  3. IP Spoofing
  4. ARP Spoofing
  5. DNS Spoofing



1. Go to http://www.mobivox.com and register there for free account.

2. During registration, remember to insert Victim mobile number in “Phone number” field.

3. Complete registration and confirm your email id and then login to your account.

click on “Direct WebCall”.

4. You will arrive at page shown below. In “Enter a number” box, select your country and also any mobile number(you can enter yours). Now, simply hit on “Call Now” button to call.

What is MAC address spoofing?

The device that you’re looking at right now has a network interface controller (NIC), the thing that’s responsible for allowing you to connect to a network, like the internet. All devices capable of networking (smartphones, laptops, routers) have one of these. Each NIC is assigned a unique hard-coded MAC addresses that cannot be changed.

However, almost all popular platform such as Windows or OS X or Linux (and hence Android) support changing MAC addresses and pretty easily too. Just because we cannot change the MAC address built into our NIC doesn’t mean we can’t make other devices think that our MAC addresses is something different. Whatever information leaves our device is in our control. And in the header of the packets that make up our data is the address of our device, the MAC address (along with IP and a bunch of other information).

So, our operating systems allow us to instruct the NIC to ignore the built-in MAC address and instead use our own custom MAC address which could be anything we want it to be. This is called MAC spoofing.

What is MAC spoofing used for?

MAC spoofing is awesome. We’re interested in MAC spoofing because it allows us to make other devices think that we are someone else. For a hacker, this opens up a variety of attack vectors:

It allows us to perform man-in-the-middle attacks

It can help us hack Wi-Fi networks

It lets us directly target devices connected to our Local Area Network (LAN)

If you’ve been banned from using a public Wi-Fi hotspot, MAC spoofing allows you to trick the router into thinking that you are some other device.

There are a couple of completely legitimate (read: white hat) reasons for MAC spoofing as well:

Setting up numerous virtual machines in a corporate environment, each with a randomly assigned MAC address.

It can be used for improving anonymity (An unsafe local network can track you using your MAC address. If your MAC address keeps changing, they can’t do that anymore).

Consider an example. Say you’re using Wi-Fi and you’re friend is also connected to the same network. Now, when you first connect to a Wi-Fi access point (the router), you exchange some information with the router. You request a connection from the router, enter the password and if successful, the router responds by opening a connection for you. Now the router knows who you are (your MAC address) and you know who the router is (it’s MAC address).

Now, if you spoof your MAC address to look like the router’s MAC address you could make the friend think that he’s talking with the router when instead all his network traffic is going through your device. This is an example of a man-in-the-middle attack and this technique can allow you to snoop on unencrypted traffic (HTTP), redirect the user to some other websites or replace all the images they see with photos of cats if you want to.

Can a website detect your real MAC address?
No. MAC addresses are a restricted to the local network segment. For example, they are only used by a router to distinguish different devices connected to it, but the MAC address is never sent from the router to the internet.

Do You Know The Benefits Of Spoofing MAC Address?

  • If Not, Take A Look At Some Of The Benefits:
  • It Allows You To Take Over Another Device's Identity.
  • It Can Be Used To Get Free WiFi (From Neighbors Or Public WiFi Spot).
  • It Enables You To Evade Network Intrusion Detection systems.

ARP Poisoning

Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine MAC addresses. All network devices that need to communicate on the network broadcast ARP queries in the system to find out other machines’ MAC addresses. ARP Poisoning is also known as ARP Spoofing.

Here is how ARP works :

When one machine needs to communicate with another, it looks up its ARP table.

If the MAC address is not found in the table, the ARP_request is broadcasted over the network.

All machines on the network will compare this IP address to MAC address.

If one of the machines in the network identifies this address, then it will respond to the ARP_request with its IP and MAC address.

The requesting computer will store the address pair in its ARP table and communication will take place.

DNS Spoofing

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server.


IP spoofing refers to connection hijacking through a fake Internet Protocol (IP)address.IP spoofing is the action of masking a computer IP address so that it looks like it is authentic.During this masking process,the fake IP address sends what appears to be a malevolent message coupled with an IP address that appears to be authentic and trusted.In IP spoofing,IP headers are masked through a form of Transmission Control Protocol (TCP)in which spoofers discover and then manipulate vital information contained in the IP header such as IP address and source and destination information.

Spoof Website

Spoof websites are commonly considered a form of phishing,which is hacking or building IT structures with the purpose of stealing data.Commonly,a spoof website will use logos,impressive text and visual design or other means to effectively imitate the style of a legitimate enterprise or group.Users will often enter financial details or other data,trusting that they are being sent to the right place.


A denial-of-service attack is often an effective way to cripple a server's ability to respond to demands from legitimate sources.In smurfing,the method for the DoS attack uses IP spoofing,where a message is sent from what looks like a valid IP address.Smurfing uses a network administration system called Internet Control Message Protocol (ICMP).The perpetrator basically sends a simple test message,or "pings,"an entire network and all if its included IP addresses.The resulting traffic can overwhelm the host.One way to think of this is that a broad-spectrum pinging can cause a ripple effect of traffic that can flood the system

Spoofing Tools for Windows OS

Link : https://mega.nz/#F!3zgV1KLB!dxmxzpt8rmClGt1FjJgEEw

iOS Sms Spoofing App « Null Byte :: WonderHowTo

Link : https://null-byte.wonderhowto.com/forum/ios-sms-spoofing-app-0166043/

Anonymouse Spoof Sms Sender

Link : https://mega.nz/#!geYzQRJb!1fJ0p8ZCFc1DSZvc_a7Nhu6E7jW_FJTyT2CSh-DTNng

Neos Email Spoofer

Spoof Emails easily with this Software. Sending emails to anyone from anyone's email id is called Email Spoofing. Run on Safe Place VM/Sandboxie.

Link : https://www.mirrored.to/files/JU2PD0IM/


This is a very quick and easy way to spoof your phone number on your phone, tablet or computer!

This program detects contacts as well!
(Say your calling someones phone with a spoofed number & that person you're calling has the number you're spoofing in there contacts as the original persons number, it will pop up on there phone as the contact!)

Link : https://www.firertc.com

Make a account, doesn't have to be real information & BOOM!

CarbonCopy Tool

CarbonCopy is a tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux.

Link : https://drive.google.com/file/d/11ez5CAtqTH69ZhghVfxyq6g3pz_wYt4k/view?usp=drivesdk

PayTM Spoof App

Even Been Fooled By Rippers, Check Out How They Do it With This Spoof App.

Link : https://databusterz.com/paytm-spoof-app-create-fake-payment-screenshots/



1. Go to http://www.mobivox.com and register there for free account.

2. During registration, remember to insert Victim mobile number in “Phone number” field.

3. Complete registration and confirm your email id and then login to your account.

click on “Direct WebCall”.

4. You will arrive at page shown below. In “Enter a number” box, select your country and also any mobile number(you can enter yours). Now, simply hit on “Call Now” button to call.

5. That’s it. Enjoy :)

MAC address spoofing

1. Open your terminal, and type

ifconfig | grep HWaddr

you will see your original MAC address, mine was (not telling you)

2. To temporary change our MAC address, we need to turn off the network interface first by running this command

ifconfig eth0 down

3. After that we can configure the new MAC address

ifconfig eth0 hw ether 00:00:00:00:00:02

you can change the MAC address using this hexadecimal format XX:XX:XX:XX:XX:XX

4. Now we can turn on the network interface again.

ifconfig eth0 up

5. And the last we can check again our MAC whether it's change or not.

if we follow until this step, MAC address will back to default after we restart our machine. Go to next page to view how to change MAC address permanently.

6. Kali Linux was built based on Debian. In all the network interface was located on /etc/network/interfaces.

7. We will configure the /etc/network/interfaces. In this tutorial I will use pico text editor, but you can choose any of your favourite text editor.

pico /etc/network/interfaces

8. Now we will add one line of script to change our MAC address permanently

pre-up ifconfig eth0 hw ether 00:00:00:00:00:02

9. If we want to restore the default MAC address, just add the # sign in front of script in step 8.

#pre-up ifconfig eth0 hw ether 00:00:00:00:00:02

The Art of Email Spoofing Protection

Email is a vital backbone of all businesses in todays fast moving connected world, defined as a protocol it is called ‘Simple Mail Transfer Protocol’ and it’s quite correct in saying that the protocol is quite simple.

Email was never designed with security in mind, it was created when networks were small enough that everyone knew each other, and that alone was considered good enough reason to implicitly trust emails from each other, there were no identification checks in place.
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock