0

I was learning networking and knew that browsers don't have algorithms to convert domain names to IPs. It queries a DNS server.

After that, the computer remembers the IP, so next time the domain is referenced, the browser will use the cached IP.

But if there is malware on the device, can it change the cached DNS data so when a user enters https://security.stackexchange.com/, the device sends traffic to a malicious IP? How it can be done?

Or this logs are located in RAM?

Improve this question
1
  • 1
    You could even edit the local hosts file and do the same thing. Except that HTTPS would alert a problem because the TLS certificates would not match.
    – schroeder
    Commented Jun 16, 2021 at 20:36

1 Answer 1

Reset to default
-2

I think it would be easier to change your browsers DNS address to point to a malicious domain, although I am not sure exactly where the DNS query address is stored within a browser directory.

Improve this answer
2
  • 1
    The local DNS settings don't point to a malicious domain, but to a malicious DNS server. DNS queries are handled in the OS, not at the browser level.
    – schroeder
    Commented Jun 17, 2021 at 12:22
  • @Jenia my comment is correcting the errors in the answer. To answer your question, I would need to remember and test how to poison the local machine's DNS cache. However, there are lots of ways to manipulate DNS maliciously.
    – schroeder
    Commented Jun 17, 2021 at 14:28

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .