考虑这个简单的python dns spoofer:
#!/usr/bin/python3
import socket
from scapy.all import *
port = 53
def handle(payload):
data = payload[0]
src_ip = payload[1][0]
src_port = payload[1][1]
print("-" * 10 + " Incoming " + "-" * 10)
a = DNS(data)
a.show2()
output = IP(dst=src_ip, chksum = 0)/ UDP(sport=53, dport=src_port) / DNS(id=a.id, qr=1, opcode=a.opcode, aa=1, tc=0, rd=1, ra=1, z=0, ad=0, cd=0, rcode=0, qdcount=1, ancount=1, nscount=0, arcount=0,qd=DNSQR(qname=a[DNS].qd.qname, qtype=a[DNS].qd.qtype, qclass=a[DNS].qd.qclass), an=DNSRR(rrname='cnn.com', rdata='192.168.1.100'), )
print("-" * 10 + " Output " + "-" * 10)
output.show2()
send(output)
if __name__ == "__main__":
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # create a socket object
s.bind(("", port))
while True:
payload = s.recvfrom(1024)
handle(payload)
我将从sudo运行它(因此我可以绑定到udp端口53):
$ sudo python3 -i ./dns_python.py
但是我的请求超时了:
$ host cnn.com 127.0.0.1
;; connection timed out; no servers could be reached
我需要帮助找出如何成功欺骗:
更多详细信息:
$ sudo python3 -i ./dns_python.py
---------- Incoming ----------
###[ DNS ]###
id = 59652
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'cnn.com.'
| qtype = A
| qclass = IN
an = None
ns = None
ar = None
---------- Output ----------
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 76
id = 1
flags =
frag = 0
ttl = 64
proto = udp
chksum = 0x0
src = 127.0.0.1
dst = 127.0.0.1
\options \
###[ UDP ]###
sport = domain
dport = 36774
len = 56
chksum = 0xb87f
###[ DNS ]###
id = 59652
qr = 1
opcode = QUERY
aa = 1
tc = 0
rd = 1
ra = 1
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 1
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'cnn.com.'
| qtype = A
| qclass = IN
\an \
|###[ DNS Resource Record ]###
| rrname = 'cnn.com.'
| type = A
| rclass = IN
| ttl = 0
| rdlen = 4
| rdata = '192.168.1.100'
ns = None
ar = None
.
Sent 1 packets.
当我从ngrep -d lo''src或dst port 53窗口观看时,看到数据包。任何帮助将不胜感激!
答案 0 :(得分:-1)
Scapy不适用于127.0.0.1或在回送界面上
http://scapy.readthedocs.io/en/latest/troubleshooting.html
回送接口是一个非常特殊的接口。经过它的小包并没有真正组装和拆卸。内核将数据包路由到其目的地,同时仍将其存储为内部结构。使用tcpdump -i lo看到的内容只是一个伪造品,使您认为一切正常。内核不知道Scapy在背后做了什么,因此在环回接口上看到的内容也是假的。除了这一点,它不是来自本地结构。因此内核将永远不会收到它。
为了与本地应用程序对话,您需要使用PF_INET / SOCK_RAW套接字而不是PF_PACKET / SOCK_RAW(或Linux以外的其他系统上的等效项),在上一层上构建数据包: