def dns_qd_question_ipExist(self):
src_ref = '181.149.152.176'
dst_ref = '125.195.213.93'
src_rev = '176.152.149.181.in-addr.arpa'
ref_pkt = dns.DNS(qdcount=1, qd=[DNSQR(qtype=12, qname='79.255.233.124.in-addr.arpa')])
mac_pkt = dns.DNS(qdcount=1, qd=[DNSQR(qtype=12, qname=src_rev)])
data = lib.build_mock_dict()
pp.dns_change_ips(mac_pkt, data)
self.assertTrue( lib.compare_mac_pkts(ref_pkt, mac_pkt), msg= (str(ref_pkt) + ' == ' + str(mac_pkt)) )
def execute(self):
infile = self.args['infile'].read()
hexed = gzip.compress(infile).hex()
chunks = [
hexed[i:i + self.CHUNK_SIZE]
for i in range(0, len(hexed), self.CHUNK_SIZE)
]
lpz.logger.info('-> Sending DNS requests')
for chunk in chunks:
lpz.logger.debug(f'Sending "{chunk}"')
query = dns.DNS(rd=1, qd=dns.DNSQR(qname=chunk))
self.send(bytes(query))
query = dns.DNS(rd=1, qd=dns.DNSQR(qname=EOT_RESPONSE[0]))
self.send(bytes(query))
def dns_qd_questions_ipNotExist(self):
src_ref = '83.78.233.252'
dst_ref = '125.195.213.93'
src_rev = '252.233.78.83.in-addr.arpa'
src_rev = '93.213.195.125.in-addr.arpa'
ref_pkt = dns.DNS(qdcount=2, qd=[DNSQR(qtype=12, qname=src_rev), DNSQR(qtype=12, qname=src_rev) ])
mac_pkt = dns.DNS(qdcount=2, qd=[DNSQR(qtype=12, qname=src_rev), DNSQR(qtype=12, qname=src_rev) ])
data = lib.build_mock_dict()
pp.dns_change_ips(mac_pkt, data)
self.assertTrue( lib.compare_mac_pkts(ref_pkt, mac_pkt), msg= (str(ref_pkt) + ' == ' + str(mac_pkt)) )
def main(self):
try:
while not self.is_stopped():
if self._poll(0.1):
s = self._recv()
try:
demux_tok, metadata_len = struct.unpack('!cH', s[:3])
metadata = s[3:metadata_len+3]
data = s[metadata_len+3:]
parsed_metadata = l2.Ether(metadata)
parsed_data = scapy_dns.DNS(data)
if demux_tok == '\x00':
forged_metadata = self._forge_scapy_response(parsed_metadata)
m = forged_metadata / parsed_data
self._send(demux_tok + str(m))
elif demux_tok == '\xFF':
if parsed_metadata.haslayer(scapy_inet.IP):
del parsed_metadata[scapy_inet.IP].chksum
else:
del parsed_metadata[scapy_inet6.IPv6].chksum
del parsed_metadata[scapy_inet.UDP].chksum
m = parsed_metadata / parsed_data
self._send(demux_tok + str(m))
else:
if not self.quiet:
self._view.error('Invalid demux token: {:x}. Dropping.'.format(ord(demux_tok)))
except:
if not self.quiet:
self._view.error('Unparsable frame. Dropping: ' + str(e))
print s
except (IOError, EOFError):
pass
def dns_response(self, pkt, ip_address=None):
if not ip_address:
ip_address = self.random_ip()
return bytes(
dns.DNS(id=random.randint(0, 10000),
qd=pkt[dns.DNS].qd,
aa=1,
qr=1,
an=dns.DNSRR(rrname=pkt[dns.DNS].qd.qname,
ttl=100,
rdata=ip_address)))
def handle(self, request, client_address):
data = self.receive(request)
sock = request[1]
pkt = dns.DNS(data)
qname = pkt[dns.DNS].qd.qname
if qname == EOT_RESPONSE[0]:
msg = self.msg_buffer.replace(b'.', b'')
dehexed = bytearray.fromhex(msg.decode('utf8'))
decompressed = gzip.decompress(dehexed)
self.output_write(decompressed)
response = self.dns_response(pkt, EOT_RESPONSE[1])
else:
self.msg_buffer += qname
response = self.dns_response(pkt)
sock.sendto(response, client_address)
def build_query():
# TODO all those should have ability to be set from test level
msg = dns.DNS(id=1,
qr=0,
opcode="QUERY",
aa=0,
tc=0,
rd=0,
ra=0,
z=0,
rcode="ok",
qdcount=1,
ancount=0,
nscount=0,
arcount=0)
# if there will be need we could build here answers, authoritative_nameservers and additional_records.
if hasattr(world, 'question_record'):
msg.qd = world.question_record
world.dns_query = msg