You can spoof DNS requests of a victim when you are in the same network as them (the router knows which sites you visit through those DNS requests anyway). It doesn't matter which DNS server the victim uses. As long as they don't use encrypted DNS they expose the websites they visit.
Takes 5 minutes to configure your OpenWRT router to log all DNS requests: https://superuser.com/questions/632898/how-to-log-all-dns-re...
Or if you are an attacker without control over that router: search for dns spoofing. I did this several times to demonstrate companies that their public networks can be hijacked.
Takes 5 minutes to configure your OpenWRT router to log all DNS requests: https://superuser.com/questions/632898/how-to-log-all-dns-re... Or if you are an attacker without control over that router: search for dns spoofing. I did this several times to demonstrate companies that their public networks can be hijacked.