Python scapy.all.DNS Examples
The following are 30
code examples of scapy.all.DNS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
scapy.all
, or try the search function
.
Example #1
Source File: carpa.py From circo with MIT License | 9 votes |
def pkt_callback(self, pkt): """ Proccess DNS packets """ if self.ccname in pkt[DNS].qd.qname: if pkt[DNS].qd.qname == '666.' + self.ccname + '.': print(time.strftime("%Y-%m-%d %H:%M:%S ", time.gmtime()) + 'DNS/PDNS:' + pkt[IP].src + ':ALARM Case Open!') else: text = decrypt(pkt[DNS].qd.qname.split('.')[0]) text = text.strip() hexip = text.split(',')[-1] text = text.replace(hexip, hextoip(hexip)) if pkt[DNS].qd.qtype == 2: text = 'DNS:' + pkt[IP].src + ':' + text else: text = 'PDNS:' + pkt[IP].src + ':' + text printer(self.filed, text)
Example #2
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_multiple_packets(): packets = [ # HTTP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"), # DNS Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")), # TCP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355), ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 3 assert [e["event_type"] for e in events] == ["HTTPRequest", "DNS", "TCP"]
Example #3
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_single_dns_resp_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 53 assert events[0]["qname"] == "google.com." assert events[0]["qanswer"] == "123.0.0.1" assert events[0]["qtype"] == "A" assert events[0]["event_type"] == "DNS"
Example #4
Source File: mdns_utils.py From cotopaxi with GNU General Public License v2.0 | 6 votes |
def mdns_send_query(test_params, query, send_multicast=True): """Send mDNS query to normal and multicast address.""" dns_sd_query = str(DNS(rd=1, qd=DNSQR(qname=query, qtype="PTR"))) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) time.sleep(1) udp_sr1(test_params, dns_sd_query) if send_multicast: multicast_test_params = copy.deepcopy(test_params) if test_params.ip_version == 4: multicast_test_params.dst_endpoint.ip_addr = DNS_SD_MULTICAST_IPV4 sock.sendto( str(dns_sd_query), (DNS_SD_MULTICAST_IPV4, multicast_test_params.dst_endpoint.port), ) elif test_params.ip_version == 6: multicast_test_params.dst_endpoint.ip_addr = DNS_SD_MULTICAST_IPV6 sock.sendto( str(dns_sd_query), (DNS_SD_MULTICAST_IPV6, multicast_test_params.dst_endpoint.port), ) else: return
Example #5
Source File: test_networkx.py From beagle with MIT License | 6 votes |
def test_from_datasources(): packets_1 = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com") ] packets_2 = [ # HTTP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"), # DNS Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")), # TCP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355), ] nx = NetworkX.from_datasources( [packets_to_datasource_events(packets) for packets in [packets_1, packets_2]] ) # Make the graph nx.graph() assert not nx.is_empty()
Example #6
Source File: test_pcap.py From beagle with MIT License | 6 votes |
def test_single_dns_query_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com")) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 53 assert events[0]["qname"] == "google.com." assert events[0]["qtype"] == "A" assert events[0]["event_type"] == "DNS"
Example #7
Source File: pcap.py From beagle with MIT License | 6 votes |
def _parse_dns_request(self, dns_layer) -> dict: from scapy.layers.dns import DNS, DNSRR dns_layer = cast(DNS, dns_layer) # Each DNS request has the basic qname/qtype dns_data = { "qname": dns_layer.qd.qname.decode(), # Get 'A/MX/NS' as string rather than number. "qtype": dns_layer.qd.get_field("qtype").i2repr(dns_layer.qd, dns_layer.qd.qtype), } if dns_layer.ancount > 0 and isinstance(dns_layer.an, DNSRR): resp = dns_layer.an.rdata if isinstance(resp, bytes): resp = resp.decode() dns_data["qanswer"] = resp return dns_data
Example #8
Source File: dns_spoof.py From hacking_tools with MIT License | 6 votes |
def spoof_packet(packet): options = get_arguments() dns_packet = scapy.IP(packet.get_payload()) if dns_packet.haslayer(scapy.DNSRR): qname = dns_packet[scapy.DNSQR].qname if options.website in qname: dns_responce = scapy.DNSRR(rrname=qname, rdata=options.ip) dns_packet[scapy.DNS].an = dns_responce dns_packet[scapy.DNS].ancount = 1 del dns_packet[scapy.IP].len del dns_packet[scapy.IP].chksum del dns_packet[scapy.UDP].len del dns_packet[scapy.UDP].chksum packet.set_payload(str(dns_packet)) packet.accept()
Example #9
Source File: common_utils.py From cotopaxi with GNU General Public License v2.0 | 6 votes |
def proto_mapping_request(protocol): """Provide mapping of enum values to implementation classes.""" return { Protocol.ALL: IP, Protocol.UDP: UDP, Protocol.TCP: TCP, Protocol.CoAP: CoAP, Protocol.mDNS: DNS, Protocol.MQTT: MQTT, Protocol.DTLS: DTLS, Protocol.QUIC: UDP, Protocol.RTSP: HTTPRequest, Protocol.SSDP: HTTPRequest, Protocol.HTCPCP: HTTPRequest, Protocol.HTTP: HTTPRequest, }[protocol]
Example #10
Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 6 votes |
def parsepacket(p): if DHCP6_Solicit in p: target = get_target(p) if should_spoof_dhcpv6(target.host): send_dhcp_advertise(p[DHCP6_Solicit], p, target) if DHCP6_Request in p: target = get_target(p) if p[DHCP6OptServerId].duid == config.selfduid and should_spoof_dhcpv6(target.host): send_dhcp_reply(p[DHCP6_Request], p) print('IPv6 address %s is now assigned to %s' % (p[DHCP6OptIA_NA].ianaopts[0].addr, pcdict[p.src])) if DHCP6_Renew in p: target = get_target(p) if p[DHCP6OptServerId].duid == config.selfduid and should_spoof_dhcpv6(target.host): send_dhcp_reply(p[DHCP6_Renew],p) print('Renew reply sent to %s' % p[DHCP6OptIA_NA].ianaopts[0].addr) if ARP in p: arpp = p[ARP] if arpp.op is 2: #Arp is-at package, update internal arp table arptable[arpp.hwsrc] = arpp.psrc if DNS in p: if p.dst == config.selfmac: send_dns_reply(p)
Example #11
Source File: dns_resolver.py From raw-packet with MIT License | 6 votes |
def _save_result(self, result: Dict[str, str]) -> None: try: self.results.append(result) if 'NS' in result.keys(): self.base.print_success('Domain: ', result['Domain'], ' NS: ', result['NS']) else: with open(RawDnsResolver.temporary_results_filename, 'a') as temporary_file: temporary_file.write('Domain: ' + result['Domain'] + ' IPv4 address: ' + result['IPv4 address'] + ' IPv6 address: ' + result['IPv6 address'] + '\n') if result['IPv6 address'] == '-': print(self.base.cSUCCESS + '[' + str(len(self.uniq_hosts)) + '] ' + self.base.cEND + result['Domain'] + ' - ' + result['IPv4 address']) else: print(self.base.cSUCCESS + '[' + str(len(self.uniq_hosts)) + '] ' + self.base.cEND + result['Domain'] + ' - ' + result['IPv6 address']) except AttributeError: pass except KeyError: pass # endregion # region Parse DNS packet function
Example #12
Source File: dns_resolver.py From raw-packet with MIT License | 6 votes |
def __init__(self, network_interface: str = 'eth0', quiet: bool = False) -> None: """ Init class DnsResolver :param network_interface: Network interface (example: eth0) :param quiet: Quiet mode on if True, quiet mode off if False (default: False) """ # Set network interface for sending DNS queries self.network_interface: str = network_interface # Set quiet mode self.quiet: bool = quiet # Get MAC, IPv4 and IPv6 addresses for network interface self.your_mac_address: str = self.base.get_interface_mac_address(self.network_interface) self.your_ipv4_address: str = self.base.get_interface_ip_address(self.network_interface) self.your_ipv4_network: str = self.base.get_interface_network(self.network_interface) self.your_ipv6_address: str = self.base.get_interface_ipv6_link_address(self.network_interface, False) # endregion # region Write resolve results to file
Example #13
Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
def get_kube_dns_ip_mac(self): config = get_config() kubedns_svc_ip = self.extract_nameserver_ip() # getting actual pod ip of kube-dns service, by comparing the src mac of a dns response and arp scanning. dns_info_res = srp1( Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR()), verbose=0, timeout=config.network_timeout, ) kubedns_pod_mac = dns_info_res.src self_ip = dns_info_res[IP].dst arp_responses, _ = srp( Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0, ) for _, response in arp_responses: if response[Ether].src == kubedns_pod_mac: return response[ARP].psrc, response.src
Example #14
Source File: mdns_utils.py From cotopaxi with GNU General Public License v2.0 | 5 votes |
def convert_dns_ans(dns_ans, ancount): """Convert list of DNS answers to list of rrnames.""" ans_tab = [dns_ans[index].rrname.strip(".") for index in range(ancount)] return ans_tab
Example #15
Source File: mdns_utils.py From cotopaxi with GNU General Public License v2.0 | 5 votes |
def protocol_full_name(): """Provide full (not abbreviated) name of protocol.""" return "Multicast DNS"
Example #16
Source File: fake_dns_server.py From how-to-build-a-tcp-proxy with The Unlicense | 5 votes |
def run(iface, local_ip, sniff_filter, spoof_domains): print("#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#") print("-#-#-#-#-#-RUNNING DNS SPOOFER-#-#-#-#-#-") print("#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#") print("Interface:\t\t\t%s" % iface) print("Resolving to IP:\t\t%s" % local_ip) print("Spoof domains:\t\t%s" % ', '.join(spoof_domains)) print("BPF sniff filter:\t\t%s" % sniff_filter) print("") print("Waiting for DNS requests...") print("(Make sure the device you are targeting is set to use"\ "your local IP (%s) as its DNS server)" % local_ip) scapy.sniff(iface=iface, filter=sniff_filter, prn=handle_packet_fn(iface, local_ip, spoof_domains))
Example #17
Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
def __init__(self, kubedns_pod_ip): Vulnerability.__init__( self, KubernetesCluster, "Possible DNS Spoof", category=IdentityTheft, vid="KHV030", ) self.kubedns_pod_ip = kubedns_pod_ip self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip) # Only triggered with RunningAsPod base event
Example #18
Source File: arpy.py From arpy with MIT License | 5 votes |
def dnshandle(pkt): if dns_sniff_gource: sys.stdout = open(random_filename+'parsed_nmap', 'a') FQDN = pkt.getlayer(scapy.DNS).qd.qname domain = FQDN.split('.') print str(time.time())[:-3] + "|" + target + "|A|" + str(domain[1]) + '/' + str(FQDN) else: if pkt.haslayer(scapy.DNS): print(bcolours.OKBLUE + pkt.getlayer(scapy.IP).src + '\t' + pkt.getlayer(scapy.IP).dst + '\t' + bcolours.WARNING + pkt.getlayer(scapy.DNS).qd.qname + bcolours.ENDC)
Example #19
Source File: time_test.py From raw-packet with MIT License | 5 votes |
def scapy_send_dns_requests(number_of_packets): for _ in range(number_of_packets): dns_request = Ether(src=ethernet_src, dst=ethernet_dst) /\ IP(src=ip_src, dst=ip_dst) /\ UDP(dport=53, sport=randint(1024, 65535)) /\ DNS(id=randint(1, 1000), rd=1, qd=DNSQR(qname="www." + str(randint(1, 1000)) + ".com")) sendp(dns_request, verbose=False) # endregion # region Main function
Example #20
Source File: time_test.py From raw-packet with MIT License | 5 votes |
def raw_packet_send_dns_requests(number_of_packets): for _ in range(number_of_packets): dns_request = dns.make_a_query(src_mac=ethernet_src, dst_mac=ethernet_dst, src_ip=ip_src, dst_ip=ip_dst, src_port=randint(1024, 65535), dst_port=53, tid=randint(1, 1000), names=['www.' + str(randint(1, 1000)) + '.com']) global_socket.send(dns_request) # endregion # region Send DNS Request packets in scapy
Example #21
Source File: time_test.py From raw-packet with MIT License | 5 votes |
def scapy_send_dhcp_discover_requests(number_of_packets): for _ in range(number_of_packets): dhcp_discover_request = Ether(src=ethernet_src, dst='ff:ff:ff:ff:ff:ff') /\ IP(src='0.0.0.0', dst='255.255.255.255') /\ UDP(dport=67, sport=68) /\ BOOTP(chaddr=ethernet_src, xid=randint(1, 4294967295)) /\ DHCP(options=[('message-type', 'discover'), 'end']) sendp(dhcp_discover_request, verbose=False) # endregion # region Send DNS Request packets in raw-packet
Example #22
Source File: dns_resolver.py From raw-packet with MIT License | 5 votes |
def _sniff_stop(self): while self.base.get_process_pid('tshark') != -1: kill(self.base.get_process_pid('tshark'), SIGTERM) sleep(1) try: packets = rdpcap(RawDnsResolver.tshark_pcap_filename) for packet in packets: self._parse_packet(packet) except ValueError: pass # endregion # region Send DNS queries to IPv4 NS server
Example #23
Source File: dns_resolver.py From raw-packet with MIT License | 5 votes |
def _sniff_start(self, destination_mac_address: str, destination_ipv4_address: str, destination_ipv6_address: str, source_port: int = 53) -> None: """ Sniff DNS answers :param destination_mac_address: Destination MAC address in DNS answer (most likely this is MAC address on your network interface) :param destination_ipv4_address: Destination IPv4 address in DNS answer (most likely this is IPv4 address on your network interface) :param destination_ipv6_address: Destination IPv6 address in DNS answer (most likely this is IPv6 address on your network interface) :param source_port: Source UDP port in DNS answer (default: 53 - default port for DNS servers) :return: None """ while self.base.get_process_pid('tshark') != -1: kill(self.base.get_process_pid('tshark'), SIGINT) sleep(1) try: remove(RawDnsResolver.tshark_pcap_filename) except FileNotFoundError: pass tshark_command: str = 'tshark -i ' + self.network_interface + \ ' -f "ether dst ' + destination_mac_address + \ ' and ip dst ' + destination_ipv4_address + \ ' and udp src port ' + str(source_port) + \ '" -B 65535 -w ' + RawDnsResolver.tshark_pcap_filename + \ ' 1>/dev/null 2>&1' self.tshark_process = Popen(tshark_command, shell=True) sleep(0.5) while self.base.get_process_pid('tshark') == -1: input(self.base.c_warning + 'Start tshark: ' + self.base.info_text(tshark_command) + ' and press Enter to continue ...') sleep(1) # endregion # region Check tshark
Example #24
Source File: arpy.py From arpy with MIT License | 5 votes |
def main(): try: if user.CURRENT_USER_ID <> 0: unprivileged_user_print(user.CURRENT_USER_NAME) if dns_sniff_gource: print(bcolours.OKBLUE + '[INFO] For a live gource feed run this command in parallel with this one:' + bcolours.WARNING + '\n\ntail -f ' + random_filename + 'parsed_nmap | tee /dev/stderr | gource -log-format custom -a 1 --file-idle-time 0 -\n\n' + bcolours.ENDC) #This check is to see if anything but gource parser is set if (not dns_sniff_gource) or (dns_sniff or sniff_pkts): print banner() #check if we actually have some info if target == None or gateway == None and interface == None: options.print_help() return if dns_sniff: print(bcolours.OKBLUE + '\n [Info] Starting DNS Sniffer...\n' + bcolours.ENDC) elif sniff_pkts: print(bcolours.OKBLUE + '\n [Info] Starting Sniffer...\n' + bcolours.ENDC) if dns_sniff_gource or dns_sniff or sniff_pkts: setup_ipv_forwarding() print (bcolours.OKBLUE + '[Info] Filter: ' + filter_parser() + bcolours.ENDC) print ("Target\tDNS\tFQDN") while True: start_poisen(target, interface, filter_parser()) else: options.print_help() except KeyboardInterrupt: print(bcolours.WARNING + ' [Warning] Stopping...' + bcolours.ENDC) sys.exit(3)
Example #25
Source File: packet_processor.py From iot-inspector-client with MIT License | 4 votes |
def _process_packet_helper(self, pkt): if sc.ARP in pkt: return self._process_arp(pkt) if sc.DHCP in pkt: return self._process_dhcp(pkt) # SYN-ACK response to SYN scans if sc.TCP in pkt and pkt[sc.TCP].flags == 'SA' and sc.IP in pkt: tcp_layer = pkt[sc.TCP] if tcp_layer.dport == SYN_SCAN_SOURCE_PORT and tcp_layer.ack == SYN_SCAN_SEQ_NUM + 1: return self._process_syn_scan(pkt) # Must have Ether frame and IP frame. if not (sc.Ether in pkt and sc.IP in pkt): return src_mac = pkt[sc.Ether].src dst_mac = pkt[sc.Ether].dst src_oui = utils.get_oui(src_mac) dst_oui = utils.get_oui(dst_mac) # Include only devices for internal testing (if set) if utils.TEST_OUI_LIST: if not (src_oui in utils.TEST_OUI_LIST or dst_oui in utils.TEST_OUI_LIST): return # Ignore traffic to and from this host's IP if self._host_state.host_ip in (pkt[sc.IP].src, pkt[sc.IP].dst): return # DNS if sc.DNS in pkt: self._process_dns(pkt) # Commented out the following. We want to see traffic between device and gateway. # # Ignore traffic to and from the gateway's IP # if self._host_state.gateway_ip in (pkt[sc.IP].src, pkt[sc.IP].dst): # return # TCP/UDP if sc.TCP in pkt: protocol = 'tcp' elif sc.UDP in pkt: protocol = 'udp' else: return return self._process_tcp_udp_flow(pkt, protocol)
Example #26
Source File: packet_processor.py From iot-inspector-client with MIT License | 4 votes |
def _process_dns(self, pkt): src_mac = pkt[sc.Ether].src dst_mac = pkt[sc.Ether].dst src_ip = pkt[sc.IP].src dst_ip = pkt[sc.IP].dst # Find device ID if pkt[sc.DNS].qr == 0: # DNS request if dst_mac == self._host_state.host_mac: device_mac = src_mac resolver_ip = dst_ip else: return else: # DNS response if src_mac == self._host_state.host_mac: device_mac = dst_mac resolver_ip = src_ip else: return device_id = utils.get_device_id(device_mac, self._host_state) # Parse domain try: domain = pkt[sc.DNSQR].qname.decode('utf-8').lower() except Exception: return # Remove trailing dot from domain if domain[-1] == '.': domain = domain[0:-1] # Parse DNS response ip_set = set() if sc.DNSRR in pkt and pkt[sc.DNS].an: for ix in range(pkt[sc.DNS].ancount): # Extracts A-records if pkt[sc.DNSRR][ix].type == 1: # Extracts IPv4 addr in A-record ip = pkt[sc.DNSRR][ix].rdata if utils.is_ipv4_addr(ip): ip_set.add(ip) with self._host_state.lock: dns_key = (device_id, domain, resolver_ip, 0) current_ip_set = self._host_state \ .pending_dns_dict.setdefault(dns_key, set()) ip_set = ip_set | current_ip_set self._host_state.pending_dns_dict[dns_key] = ip_set
Example #27
Source File: dns_resolver.py From raw-packet with MIT License | 4 votes |
def _send_ipv6_queries(self, source_mac_address: str, source_ipv6_address: str, ns_server_mac_address: str, ns_server_ipv6_address: str, ns_server_port: int, queries: List[Dict[str, Union[int, str]]], send_socket: socket) -> None: """ Send DNS queries to IPv6 DNS servers :param source_mac_address: Source MAC address for DNS query (most likely this is MAC address on your network interface) :param source_ipv6_address: Source IPv6 address for DNS query (most likely this is IPv6 address on your network interface) :param ns_server_mac_address: DNS server MAC address for DNS query :param ns_server_ipv6_address: DNS server IPv6 address for DNS query :param ns_server_port: DNS server destination UDP port for DNS query (default: 53) :param queries: List of DNS queries for sending (example: [{'type': 1, 'class': 1, 'name': 'www.test.com'}]) :param send_socket: Raw socket for sending DNS queries :return: None """ for query in queries: # Set source UDP port and DNS transaction ID for sending DNS query udp_source_port: int = randint(2049, 65535) dns_transaction_id: int = randint(1, 65535) send_socket.send(self.dns.make_ipv6_request_packet(ethernet_src_mac=source_mac_address, ethernet_dst_mac=ns_server_mac_address, ip_src=source_ipv6_address, ip_dst=ns_server_ipv6_address, udp_src_port=udp_source_port, udp_dst_port=ns_server_port, transaction_id=dns_transaction_id, queries=[query])) # self.index_of_dns_query += 1 # current_percent_of_complete = int((self.index_of_dns_query / self.number_of_dns_queries) * 100) # if current_percent_of_complete > self.percent_of_complete: # self.percent_of_complete = current_percent_of_complete # stdout.write('\r') # stdout.write(self.base.c_info + 'DNS resolve percentage: ' + # self.base.info_text(str(self.percent_of_complete) + '%') + # ' length of results: ' + self.base.info_text(str(len(self.results)))) # stdout.flush() # sleep(0.01) # endregion # region Send DNS queries function
Example #28
Source File: dns_sniffer.py From DNS_sniffer with Creative Commons Zero v1.0 Universal | 4 votes |
def process(pkt): global quiet global databaseConn if pkt.haslayer(DNSQR) and UDP in pkt and pkt[UDP].sport == 53: # pkt[IP].dst == IP source of the DNS request # pkt[IP].src == IP of the DNS server # pkt[DNS].an.rrname == DNS name query = pkt[DNS].an.rrname if pkt[DNS].an != None else "?" if not pkt[IP].dst in queries_liste: queries_liste[pkt[IP].dst] = {} if not pkt[IP].src in queries_liste[pkt[IP].dst]: queries_liste[pkt[IP].dst][pkt[IP].src] = {} if not query in queries_liste[pkt[IP].dst][pkt[IP].src]: queries_liste[pkt[IP].dst][pkt[IP].src][query] = 1 else: queries_liste[pkt[IP].dst][pkt[IP].src][query] += 1 if databaseConn and query != None and None != "?": databaseCursor.execute("INSERT OR IGNORE INTO domains (domain) VALUES (?);", (query,)) databaseConn.commit() databaseCursor.execute("SELECT idDomain FROM domains WHERE domain=?;", (query,)) domainId = databaseCursor.fetchone()[0] databaseCursor.execute("SELECT count, idWhoAsk FROM whoAsk WHERE ipFrom=? AND ipTo=? AND domainId=?;", (pkt[IP].src, pkt[IP].dst, domainId)) whoAsk = databaseCursor.fetchone() if whoAsk: databaseCursor.execute("UPDATE whoAsk SET count=? WHERE idWhoAsk=?",(whoAsk[0]+1 if whoAsk[0] else 2, whoAsk[1])) else: databaseCursor.execute("INSERT INTO whoAsk (ipFrom, ipTo, domainId, count) VALUES (?,?,?,1);", (pkt[IP].src, pkt[IP].dst, domainId)) databaseConn.commit() if not quiet: system('clear') print("{:15s} | {:15s} | {:15s} | {}".format("IP source", "DNS server", "Count DNS request", "Query")) for ip in queries_liste: print("{:15s}".format(ip)) # IP source for query_server in queries_liste[ip]: print(" "*18+"{:15s}".format(query_server)) # IP of DNS server for query in queries_liste[ip][query_server]: print(" "*36+"{:19s} {}".format(str(queries_liste[ip][query_server][query]),query)) # Count DNS request | DNS
Example #29
Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 4 votes |
def send_dns_reply(p): if IPv6 in p: ip = p[IPv6] resp = Ether(dst=p.src, src=p.dst)/IPv6(dst=ip.src, src=ip.dst)/UDP(dport=ip.sport, sport=ip.dport) else: ip = p[IP] resp = Ether(dst=p.src, src=p.dst)/IP(dst=ip.src, src=ip.dst)/UDP(dport=ip.sport, sport=ip.dport) dns = p[DNS] #only reply to IN, and to messages that dont contain answers if dns.qd.qclass != 1 or dns.qr != 0: return #Make sure the requested name is in unicode here reqname = dns.qd.qname.decode() #A request if dns.qd.qtype == 1: rdata = config.selfipv4 #AAAA request elif dns.qd.qtype == 28: rdata = config.selfaddr #PTR request elif dns.qd.qtype == 12: # To reply for PTR requests for our own hostname # comment the return statement return if reqname == config.selfptr: #We reply with attacker.domain rdata = 'attacker.%s' % config.localdomain else: return #Not handled else: return if should_spoof_dns(reqname): resp /= DNS(id=dns.id, qr=1, qd=dns.qd, an=DNSRR(rrname=dns.qd.qname, ttl=100, rdata=rdata, type=dns.qd.qtype)) try: sendp(resp, iface=config.default_if, verbose=False) except socket.error as e: print('Error sending spoofed DNS') print(e) if config.debug: ls(resp) print('Sent spoofed reply for %s to %s' % (reqname, ip.src)) else: if config.verbose or config.debug: print('Ignored query for %s from %s' % (reqname, ip.src)) # Helper function to check whether any element in the list "matches" value
Example #30
Source File: dns_resolver.py From raw-packet with MIT License | 4 votes |
def _parse_packet(self, packet) -> None: """ Parse DNS answers :param packet: DNS packet :return: None """ try: assert packet.haslayer(IP), 'Is not IPv4 packet!' assert packet.haslayer(UDP), 'Is not UDP packet!' assert packet.haslayer(DNS), 'Is not DNS packet!' assert packet[IP].dst == self.your_ipv4_address, 'Not your destination IPv4 address!' assert packet[UDP].sport == 53, 'UDP source port != 53' assert packet[DNS].ancount != 0, 'DNS answer is empty!' for answer_index in range(packet[DNS].ancount): dns_answer = packet[DNS].an[answer_index] name: bytes = dns_answer.rrname name: str = name.decode('utf-8')[:-1] assert self.domain in name, 'Not found target domain in DNS answer!' address: str = '' if isinstance(dns_answer.rdata, bytes): address: bytes = dns_answer.rdata address: str = address.decode('utf-8') if isinstance(dns_answer.rdata, str): address: str = dns_answer.rdata match_host = next((host for host in self.uniq_hosts if host['name'] == name and host['address'] == address), None) if match_host is None: self.uniq_hosts.append({'name': name, 'address': address}) if dns_answer.type == 2: self._save_result({'Domain': name, 'NS': address}) if dns_answer.type == 1: self._save_result({'Domain': name, 'IPv4 address': address, 'IPv6 address': '-'}) if dns_answer.type == 28: self._save_result({'Domain': name, 'IPv4 address': '-', 'IPv6 address': address}) except AssertionError: pass except UnicodeDecodeError: pass # endregion # region Start tshark