Exemplo n.º 1
0
def show_info(data, direction):
    try:
        from dns import message as m
    except ImportError:
        print "Install dnspython module will give you more response infomation."
    else:
        if direction == 0:
            print "query:\n\t", "\n\t".join(str(m.from_wire(data)).split("\n"))
            print "\n================"
        elif direction == 1:
            print "response:\n\t","\n\t".join(str(m.from_wire(data)).split("\n"))
            print "\n================"
Exemplo n.º 2
0
 def showInfo(self, data, direction):
     try:
         from dns import message as m
     except ImportError:
         print "Install dnspython module will give you more response infomation."
     else:
         if direction == 0:
             print "query:\n\t", "\n\t".join(str(m.from_wire(data)).split("\n"))
             print "\n================"
         elif direction == 1:
             print "response:\n\t", "\n\t".join(str(m.from_wire(data)).split("\n"))
             print "\n================"
Exemplo n.º 3
0
def get_response(data, spoofs, spoof_all):
    message = from_wire(data)
    domain = str(message.question[0].name)[:-1]
    rrset = None
    response = make_response(message)
    if spoofs and message.question[
            0].rdtype == dns.rdatatype.A and domain in spoofs:
        print('Spoofing query for %s' % domain)
        rrset = from_text(message.question[0].name, 300, dns.rdataclass.IN,
                          dns.rdatatype.A, spoofs[domain])
    elif spoof_all and message.question[0].rdtype == dns.rdatatype.A:
        print('Spoofing query for %s due to spoof all' % domain)
        rrset = from_text(message.question[0].name, 300, dns.rdataclass.IN,
                          dns.rdatatype.A, spoof_all)
    else:
        print('Not spoofing %s query for %s' %
              (dns.rdatatype.to_text(message.question[0].rdtype), domain))
        resolver = Resolver()
        try:
            rrset = resolver.query(message.question[0].name,
                                   message.question[0].rdtype,
                                   message.question[0].rdclass).rrset
        except dns.resolver.NXDOMAIN:
            response.set_rcode(dns.rcode.NXDOMAIN)
        except dns.resolver.NoAnswer:
            response.set_rcode(dns.rcode.NOERROR)

    if rrset:
        response.answer.append(rrset)

    return response
Exemplo n.º 4
0
Arquivo: DNS.py Projeto: 1angxi/diesel
 def _actually_resolve(self, name, timeout):
     timeout = timeout / float(len(self.nameservers))
     try:
         for server in self.nameservers:
             # Try each nameserver in succession.
             self.addr = server
             query = make_query(name, A)
             send(query.to_wire())
             start = time.time()
             remaining = timeout
             while True:
                 # Handle the possibility of responses that are not to our
                 # original request - they are ignored and we wait for a
                 # response that matches our query.
                 item, data = first(datagram=True, sleep=remaining)
                 if item == "datagram":
                     response = from_wire(data)
                     if query.is_response(response):
                         if response.answer:
                             a_records = [r for r in response.answer if r.rdtype == A]
                             return [item.address for item in a_records[0].items]
                         raise NotFound
                     else:
                         # Not a response to our query - continue waiting for
                         # one that is.
                         remaining = remaining - (time.time() - start)
                 elif item == "sleep":
                     break
         else:
             raise Timeout(name)
     finally:
         self.addr = self.primary
Exemplo n.º 5
0
    def _run(self):
        self._running = True
        while self._running:
            try:
                read, _, _ = select.select(self._socks, [], [], 1)
                etime = time.time() # Response is wait, stop the clock
                for sock in read:
                    dgram, addr = sock.recvfrom(4096)
                    dgram = dm.from_wire(dgram)
                    # Ignore packets that are not responses
                    if not dgram.flags & df.QR:
                        continue
                    # IPv6 will return additional details not needed for lookup
                    addr = (addr[0], addr[1])

                    key = self._key(dgram, addr)
                    with self._lock:
                        callback, data, stime = self._callbacks[key]
                        del self._callbacks[key]
                    callback(dgram, data, etime - stime)
            except socket.timeout:
                pass
            except (KeyboardInterrupt, SystemExit):
                raise
            except Exception as e:
                print >>sys.stderr, 'Exception %s: %s' % (e, traceback.format_exc())
        self.running = False
Exemplo n.º 6
0
 def handle(self, data, address):
     print("成功解析{}次, 共解析{}次".format(self.stats["success"],
                                    self.stats["total"]))
     self.stats["total"] += 1
     query_msg = from_wire(data)
     assert len(query_msg.question) == 1
     buffer = self.buffer.get(str(query_msg.question[0].name))
     if buffer:
         response_msg = make_response(query_msg)
         response_msg.answer = buffer
         self.socket.sendto(response_msg.to_wire(), address)
         self.stats["success"] += 1
         return
     client = DNSClient()
     for _ in range(2):
         server = self.get_server(query_msg.question)
         client.set_address(server)
         response_msg = client.query(query_msg)
         if response_msg and response_msg.answer:
             self.buffer[str(
                 query_msg.question[0].name)] = response_msg.answer
             self.socket.sendto(response_msg.to_wire(), address)
             self.stats["success"] += 1
             return
     server = self.get_server("")
     client.set_address(server)
     response_msg = client.query(query_msg)
     if response_msg and response_msg.answer:
         self.buffer[str(query_msg.question[0].name)] = response_msg.answer
         self.socket.sendto(response_msg.to_wire(), address)
         self.stats["success"] += 1
     print("{}解析错误".format(str(query_msg.question[0].name)))
Exemplo n.º 7
0
    def _run(self):
        self._running = True
        while self._running:
            try:
                read, _, _ = select.select(self._socks, [], [], 1)
                etime = time.time()  # Response is wait, stop the clock
                for sock in read:
                    dgram, addr = sock.recvfrom(4096)
                    dgram = dm.from_wire(dgram)
                    # Ignore packets that are not responses
                    if not dgram.flags & df.QR:
                        continue
                    # IPv6 will return additional details not needed for lookup
                    addr = (addr[0], addr[1])

                    key = self._key(dgram, addr)
                    with self._lock:
                        callback, data, stime = self._callbacks[key]
                        del self._callbacks[key]
                    callback(dgram, data, etime - stime)
            except socket.timeout:
                pass
            except (KeyboardInterrupt, SystemExit):
                raise
            except Exception as e:
                print >> sys.stderr, 'Exception %s: %s' % (
                    e, traceback.format_exc())
        self.running = False
Exemplo n.º 8
0
 def data_process(self,data_get):
     data_message = message.from_wire(data_get).to_text()
 #    print(data_message)
     data_list = data_message.split('\n')
     data_dic = {}
     Question = []
     Answer = []
     data_dic['id'] = data_list[0][2:]
     for index in range(len(data_list)):
         if index > data_list.index(';QUESTION') and index < data_list.index(';ANSWER'): #question
             data_temp = data_list[index].split(' ')
             Question.append(data_temp)
                 #
                 # question : name,class,type    for example: www.baidu.com.   IN   A
                 #
         elif index > data_list.index(';ANSWER') and index < data_list.index(';AUTHORITY'): #answer
             data_temp = data_list[index].split(' ')
             if data_temp[3] == 'MX':            #对于MX类型  省略优先级
                 data_temp.remove(data_temp[4])
             Answer.append(data_temp)
                 #
                 # answer : name,ttl,class,type,value    for example :www.baidu.com.   168 IN A 39.156.66.18
                 #
     data_dic['QUESTION'] = Question
     data_dic['ANSWER'] = Answer
     return data_dic
Exemplo n.º 9
0
 def handle(self, data, addr):
     logging.info("Handling request for %s" % str(addr))
     request = message.from_wire(data)
     name = self._name_from_message(request)
     if name in self.config['mapping']:
         logging.debug("Found %s in config file" % name)
         return self._make_response_for(request, name, self.config['mapping'][name])
     else:
         logging.debug("Resolved %s from real dns" % name)
         return query.udp(request, self.config['general']['nameserver'])
Exemplo n.º 10
0
 def _handle_raw(self, wire):
     # pass
     stime = 0
     etime = time.time()
     q = None
     address = None
     try:
         r = message.from_wire(wire)
         self.rcount += 1
         (q, stime, address) = self.outstanding_queries[r.id]
         if q.is_response(r):
             del self.outstanding_queries[q.id]
     except Exception, e:
         print >>sys.stderr, "err", type(e), e
Exemplo n.º 11
0
 async def query_worker(self, host, q_type):
     try:
         if q_type == 'A':
             mq_type = 1
         elif q_type == 'AAAA':
             mq_type = 28
         query = message.make_query(host.decode('utf-8'), mq_type)
         query = query.to_wire()
         s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
         await self.loop.sock_connect(s, (self.config['dns'], 53))
         await self.loop.sock_sendall(s, query)
         result = await asyncio.wait_for(self.loop.sock_recv(s, 1024), 4)
         await self.clean_up(s, None)
         result = message.from_wire(result)
         return self.decode(str(result), q_type)
     except Exception as error:
         traceback.clear_frames(error.__traceback__)
         error.__traceback__ = None
         await self.clean_up(s, None)
Exemplo n.º 12
0
def get_name_and_type_from_dns_question(request: Request) -> Message:
    logger = logging.getLogger("doh-server")
    accept_header = request.headers.get("Accept")
    if request.method == "GET":
        if accept_header == DOH_JSON_CONTENT_TYPE:
            qname = request.args.get(DOH_DNS_JSON_PARAM["name"], None)
            rdtype = request.args.get(DOH_DNS_JSON_PARAM["type"], None)
            if qname and rdtype:
                return dns.message.make_query(qname=qname, rdtype=rdtype)
        else:
            dns_request = request.args.get(DOH_DNS_PARAM, None)
            if dns_request:
                return extract_from_params(dns_request)
    elif request.method == "POST" and request.content_type == DOH_CONTENT_TYPE:
        body = await request.get_data()
        if body:
            try:
                return message.from_wire(body)
            except Exception as ex:
                logger.info(str(ex))
Exemplo n.º 13
0
        def handle(self):
            data = self.request.recv(1024)
            dlen, = unpack('>H', data[:2])
            while dlen > len(data[2:]):
                data += self.request.recv(1024)
            dnsp = data[2:dlen + 2]
            LOG.info('DNS: Client sent authorization')
            pckt = from_wire(dnsp)
            LOG.debug(str(pckt))
            nti = None
            for rd in pckt.additional[0]:
                nti = rd.key
            if not nti:
                return

            if self.server.config.mode == 'RELAY':
                authdata = get_auth_data(nti, self.server.config)
                self.do_relay(authdata)
            else:
                # Unconstrained delegation mode
                authdata = get_kerberos_loot(token, self.server.config)
                self.do_attack(authdata)
Exemplo n.º 14
0
    def _handle_query(self, metadata, data, fz, pz):
        try:
            dns_msg = message_parser.from_wire(data)
        except (message_parser.ShortHeader, message_parser.TrailingJunk,
                dns.name.BadLabelType):
            self._view.error(
                'Error while parsing DNS message. Pass Thru policy applied.')
            self.DECISION_DICT[self.PASSTHRU_POLICY](self,
                                                     fz,
                                                     metadata=metadata,
                                                     raw=data)
            return

        # Figuring out which policy to apply
        verdict = self._find_policy(pz, dns_msg.question[0])
        if verdict is None:
            self._view.error('Could not determine a verdict. Dropping.')
            return
        self.DECISION_DICT[verdict](self,
                                    fz,
                                    metadata=metadata,
                                    parsed=dns_msg)
Exemplo n.º 15
0
async def _process(sock, resolve, data, addr):
    try:
        msg = message.from_wire(data)
    except:
        print(f'[Serve53] invalid message from {addr}')
        return
    try:
        do = "1" if msg.flags & flags.DO else "0"
        rr = msg.question[0]
        res = await resolve(name=rr.name, type=rr.rdtype, do=do)
        want_nsid = edns.NSID in (o.otype for o in msg.options)
        msg = message.make_response(msg)
        msg.set_rcode(res.get('Status', rcode.NOERROR))
        msg.question, msg.answer = [], []
        msg.flags |= flags.from_text(" ".join(k for k, v in res.items()
                                              if len(k) == 2 and v is True))
        for m, n in ((msg.question, "Question"), (msg.answer, "Answer"),
                     (msg.authority, "Authority"), (msg.additional,
                                                    "Additional")):
            for a in res.get(n, []):
                data = [a['data']] if 'data' in a else []
                m.append(
                    rrset.from_text(a['name'], a.get('TTL'), "IN", a['type'],
                                    *data))
        if want_nsid:
            comment = res.get("Comment")
            nsid = f"named1/{res['NameClient']}{': ' + comment if comment else ''}"
            msg.options.append(edns.GenericOption(edns.NSID, nsid.encode()))
    except Exception as e:  # Don't die on errors/timeouts but report back a failure
        if not isinstance(e, trio.TooSlowError):
            print(f"{e!r}\n{msg}")
        msg.flags = flags.QR
        msg.set_rcode(rcode.SERVFAIL)
    try:
        await sock.sendto(msg.to_wire(origin=origin), addr)
    except Exception as e:
        raise Exception(
            f"Malformed output with answer:\n{res}\n\nand msg:\n{msg}") from e
Exemplo n.º 16
0
    def udp_timing(qname, where, rdtype=rdatatype.A,
                   rdclass=rdataclass.IN, timeout=5.0, port=53, af=None,
                   source=None, source_port=0, ignore_unexpected=False,
                   one_rr_per_rrset=False):
        rc = 'FAIL'
        q = message.make_query(qname, rdtype, rdclass)
        wire = q.to_wire()
        (af, destination, source) = query._destination_and_source(af, where,
                                                                  port, source,
                                                                  source_port)
        s = socket.socket(af, socket.SOCK_DGRAM, 0)
        try:
            expiration = query._compute_expiration(timeout)
            s.setblocking(0)
            if source is not None:
                s.bind(source)
            query._wait_for_writable(s, expiration)
            t1 = time()
            s.sendto(wire, destination)
            while 1:
                query._wait_for_readable(s, expiration)
                (wire, from_address) = s.recvfrom(65535)
                t2 = time()
                if from_address == destination or \
                   (dns.inet.is_multicast(where) and \
                    from_address[1] == destination[1]):
                    rc = 'OK'
                if not ignore_unexpected:
                    rc = 'UnexpectedSource'
                break
        finally:
            s.close()
        r = message.from_wire(wire, keyring=q.keyring, request_mac=q.mac,
                              one_rr_per_rrset=one_rr_per_rrset)
        if not q.is_response(r):
            rc = 'BadResponse'

        return (r, q, t1, t2), rc
Exemplo n.º 17
0
def doh_query(domain, dnsname, detected):
    message = dns.make_query(domain, 1)
    dns_req = base64.urlsafe_b64encode(message.to_wire()).\
        decode("UTF8").rstrip("=")

    try:
        resp = requests.get(
            dnssec[dnsname]['url'],
            params={"dns": dns_req},
            headers={"Content-type": "application/dns-message"})
    except requests.RequestException as reqerror:
        detected[dnsname] = dict(report_DoH='Error with DNSSec Service',
                                 domain=domain)
        return detected

    if "application/dns-message" not in resp.headers["Content-Type"]:
        detected[dnsname] = dict(report_DoH='DNS is not response',
                                 domain=domain,
                                 A='')
        return detected

    answers = [
        response.to_text().split("\n")
        for response in dns.from_wire(resp.content).answer
    ]
    ips = [answer.split()[4] for answer in answers[0]]

    if not ips:
        detected[dnsname] = dict(report_DoH='Domain does not exist',
                                 domain=domain,
                                 A='')
    elif dnssec[dnsname]['malware_ip'] in ips:
        detected[dnsname] = dict(report_DoH='Malware', domain=domain, A='')
    else:
        detected[dnsname] = dict(report_DoH='Good', domain=domain, A=ips)

    return detected
Exemplo n.º 18
0
Arquivo: DNS.py Projeto: wmoss/diesel
 def _actually_resolve(self, name, timeout):
     timeout = timeout / float(len(self.nameservers))
     try:
         for server in self.nameservers:
             # Try each nameserver in succession.
             self.addr = server
             query = make_query(name, A)
             send(query.to_wire())
             start = time.time()
             remaining = timeout
             while True:
                 # Handle the possibility of responses that are not to our
                 # original request - they are ignored and we wait for a
                 # response that matches our query.
                 item, data = first(datagram=True, sleep=remaining)
                 if item == 'datagram':
                     response = from_wire(data)
                     if query.is_response(response):
                         if response.answer:
                             a_records = [
                                 r for r in response.answer if r.rdtype == A
                             ]
                             return [
                                 item.address for item in a_records[0].items
                             ]
                         raise NotFound
                     else:
                         # Not a response to our query - continue waiting for
                         # one that is.
                         remaining = remaining - (time.time() - start)
                 elif item == 'sleep':
                     break
         else:
             raise Timeout(name)
     finally:
         self.addr = self.primary
Exemplo n.º 19
0
 def handle_read(self):
     data = self.recv(4096)
     answer = message.from_wire(data)
     print answer.answer[0].items[0].target.to_text(True)
Exemplo n.º 20
0
    def run(self):
        flag = False
        data_dic = self.data_process(self.c_data)
        #查询数据库
    #    print(data_dic)
        db = DBFacade()
        _name , _type = data_dic['QUESTION'][0][0],data_dic['QUESTION'][0][2]   #原始请求
        answer = db.query(_name , _type)
        flag = (answer == [])
        #answer = [['www.shifen.com.','222','IN','A','39.20.1.1'],['www.shifen.com.','222','IN','A','25.69.6.3']]  
    #    print("---------------ans-----------")
    #    print("answer: ",answer)

        if flag == False:    #用数据库查到的数据向客户端发送 
    #        print("---------------")
    #        print("send case 1")
    #        print("----------------")     

            remark = 'Local'
            if answer[0][4] == '0.0.0.0' or answer[0][4] == '0:0:0:0:0:0:0:0':           #拦截不良网站
                print('拦截不良网站:', _name)
                remark = 'Rejected'

            elif answer[0][3] == 'MX':                                #answer 的处理 (MX)
                for i in range(len(answer)):
                    answer[i].insert(4,'5')       
                                           
            temp_message = message.from_wire(self.c_data)
            temp_message = message.make_response(temp_message).to_text()
            temp_list = temp_message.split("\n")
            index = temp_list.index(";ANSWER")
            for ret in answer:
                temp_list.insert(index+1,' '.join(ret))
                index += 1
            data_send = '\n'.join(temp_list)
            data_send = message.from_text(data_send)
            data_send = data_send.to_wire()
            self.c_socket.sendto(data_send, self.c_addr)     #向客户端发回
            
          
        else:       #请求DNS服务器
            self.s_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # 与DNS服务器通信的套接字
    #        print("---------------")
    #        print("send case 2")
    #        print("----------------")
            self.s_socket.sendto(self.c_data, (self.send_ip, self.send_port))      #向服务器发送
            self.s_socket.settimeout(self.timeout_time)         #设置超时时间

            try:
                data, addr = self.s_socket.recvfrom(1024)     #读回DNS服务器的返回
                remark = 'Remote'
                # print(data)
                # print(message.from_wire(data))
                data_dic = self.data_process(data)
                # 存数据库  data_dic['ANSWER']
                db = DBFacade()
                db.insert_records(data_dic["ANSWER"])
                #发回到客户端
                self.c_socket.sendto(data, self.c_addr)

            except socket.timeout:                            #DNS超时
                print('请求超时:', _name)
                remark = 'TimeOut'

            self.s_socket.close()       #获取DNS的返回后(或超时)关闭与服务器通信的socket
        
        #handler做完了一项工作,插入日志,退出
        logger.info('%s:%s      %s      %s      %s'%(self.c_addr[0], self.c_addr[1], _name , _type, remark))
Exemplo n.º 21
0
    def collector(self, packet):

        packetdata = None

        try:
            eth = ImpactDecoder.EthDecoder().decode(packet)
            off = eth.get_header_size()

            if eth.get_ether_type() == ImpactPacket.IP.ethertype:
                ip_decoder = ImpactDecoder.IPDecoder()
                ip = ip_decoder.decode(packet[off:])
                dst = ip.get_ip_dst()
                src = ip.get_ip_src()
                if ip.get_ip_p() == ImpactPacket.UDP.protocol:
                    udp = ip.child()
                    payload = udp.child().get_bytes().tostring()
                    try:
                        import hexdump

                        try:
                            msg = message.from_wire(payload)
                        except Exception as e:
                            # Not an acceptable DNS packet
                            return None

                        if len(msg.answer) > 0:
                            # Packet should not have an answer section
                            return None

                        if len(msg.question) > 0:
                            for q in msg.question:
                                #if hasattr(q, 'name'):
                                if q.rdtype == rdatatype.A:

                                    if self.PROPERTIES['subdomain']['Value']:
                                        prefix = '.%s.%s.' % (
                                            self.PROPERTIES['subdomain']
                                            ['Value'],
                                            self.PROPERTIES['domain']['Value'])
                                    else:
                                        prefix = '.%s.' % (
                                            self.PROPERTIES['domain']['Value'])

                                    if prefix == q.name.to_text(
                                    )[-len(prefix):]:

                                        # Send a reply to the DNS packet
                                        try:
                                            r = message.make_response(msg)
                                            a = A(rdataclass.IN, rdatatype.A,
                                                  '79.70.84.71'
                                                  )  # OFTG in dotted-decimal
                                            rrs = rrset.from_rdata(
                                                q.name.to_text(), 30, a)
                                            r.answer.append(rrs)

                                            data = ImpactPacket.Data(
                                                r.to_wire())
                                            rudp = ImpactPacket.UDP()
                                            rudp.set_uh_sport(53)
                                            rudp.set_uh_dport(12345)
                                            rudp.contains(data)
                                            rip = ImpactPacket.IP()

                                            rip.set_ip_dst(src)
                                            rip.set_ip_src(self.getlocaladdr())
                                            rip.contains(rudp)
                                            s = socket.socket(
                                                socket.AF_INET,
                                                socket.SOCK_RAW,
                                                socket.IPPROTO_UDP)
                                            s.setsockopt(
                                                socket.IPPROTO_IP,
                                                socket.IP_HDRINCL, 1)
                                            s.sendto(rip.get_packet(),
                                                     (src, 12345))
                                        except Exception as e:
                                            self.logger.error(
                                                'Failed to send reply packet with %s: %s'
                                                % (self.__class__.__name__, e))

                                        dnsdata = q.name.to_text(
                                        )[:-len(prefix)]
                                        dnsdata = self.dnsb64unescape(dnsdata)
                                        payload = self.decoder(dnsdata)
                                        result = payload
                                        # TODO: Fix results
                                        result['Source Host'] = src
                                        result['Protocol Subtype'] = 'Port'
                                        result[
                                            'Subtype'] = 53  #str(ip.child().get_uh_sport())

                                        return result
                    except DNSException:
                        pass
                    except Exception as e:
                        if e:
                            print 'Error %s' % e.message
                        raise

            elif eth.get_ether_type() == IP6.IP6.ethertype:
                ip6_decoder = ImpactDecoder.IP6Decoder()
                ip6 = ip6_decoder.decode(packet[off:])
                src = ip6.get_source_address()
                packetdata = ip6.get_data_as_string()
                self.logger.debug(
                    'Skipping IPv6 packet (not supported for this plugin)')

            if not packetdata:
                return None

            return None

        except Exception as e:
            raise

        return None
Exemplo n.º 22
0
 async def _get_dns_response(qname, record_type):
     query_bytes = message.make_query(qname, record_type).to_wire()
     response_bytes = await dns_c2.handler.generate_dns_tunneling_response_bytes(
         query_bytes)
     return message.from_wire(response_bytes)
Exemplo n.º 23
0
 def handle(self, data, address):
     query_msg = from_wire(data)
     assert len(query_msg.question) == 1
     client = DNSClient('192.168.6.2')
     response_msg = client.query(query_msg)
     self.socket.sendto(response_msg.to_wire(), address)
Exemplo n.º 24
0
def main():
    s = Socket(AF_INET, SOCK_DGRAM)
    s.bind(("", 53))
    while True:
        message = s.recv(1500)
        print repr(from_wire(message))
Exemplo n.º 25
0
 def _get_dns_response(qname, record_type):
     query_bytes = message.make_query(qname, record_type).to_wire()
     response_bytes = loop.run_until_complete(
         dns_c2.handler.generate_dns_tunneling_response_bytes(query_bytes))
     return message.from_wire(response_bytes)
Exemplo n.º 26
0
def dns_doh(domain, threat):
    detected = {}
    message = doh.make_query(domain, 'A')
    dns_req = base64.urlsafe_b64encode(message.to_wire()).\
        decode("UTF8").rstrip("=")

    try:
        resp = requests.get(dnssec['elevenpaths']['url'],
                            params={"dns": dns_req},
                            headers={"Content-type": ct})
    except requests.RequestException:
        return detected

    if ct not in resp.headers["Content-Type"]:
        detected = {}
        return detected

    ips = []
    answers = []
    for response in doh.from_wire(resp.content).answer:
        answers = response.to_text().split("\n")

    for answer in answers:
        output = answer.split()
        ips.append(output[len(output) - 1])

    if dnssec['elevenpaths']['malware_ip'] in ips:
        detected[threat] = {}
        detected[threat]['report_DoH'] = 'Malware'
        detected[threat]['domain'] = domain
        detected[threat]['A'] = ''
        detected[threat]['MX'] = ''
    elif not ips:
        detected = ()
    else:
        detected[threat] = {}
        detected[threat]['report_DoH'] = 'Good'
        detected[threat]['domain'] = domain
        detected[threat]['A'] = ips

        mess_mx = doh.make_query(domain, 'MX')
        dns_mx = base64.urlsafe_b64encode(mess_mx.to_wire()).\
            decode("UTF8").rstrip("=")
        try:
            res_mx = requests.get(dnssec['elevenpaths']['url'],
                                  params={"dns": dns_mx},
                                  headers={"Content-type": ct})
        except requests.RequestException:
            detected[threat]['MX'] = ''
            return detected

        if ct not in res_mx.headers["Content-Type"]:
            detected[threat]['MX'] = ''
            return detected

        detected[threat]['MX'] = []
        ans = []
        for response in doh.from_wire(res_mx.content).answer:
            ans = response.to_text().split("\n")

        for ans_mx in ans:
            output = ans_mx.split()
            detected[threat]['MX'].append(output[len(output) - 1])

    return detected
Exemplo n.º 27
0
 def handle_read(self):
     data = self.recv(4096)
     answer = message.from_wire(data)
     print answer.answer[0].to_text()