Skip to content

Instantly share code, notes, and snippets.

@Riebart
Created April 26, 2018 21:18
Show Gist options
  • Save Riebart/ab5fc540d4763ef9d2ae40f4f55916bc to your computer and use it in GitHub Desktop.
Save Riebart/ab5fc540d4763ef9d2ae40f4f55916bc to your computer and use it in GitHub Desktop.
Read in a file, and respond to any query received with the contents of that file in the CNAME target.
from __future__ import print_function
from scapy.all import *
domain_name = "nhlscore.riebart.ca"
dns_server_ip = '172.31.15.145'
bpf_filter = 'dst port 53 and ip dst {0}'.format(dns_server_ip)
def dns_respond(pkt, rcode=0):
if (DNS in pkt and pkt[DNS].opcode == 0 and pkt[DNS].ancount == 0):
print('Responding to query for "%s" from "%s"' % (pkt[DNSQR].qname, pkt[IP].src))
with open("source.in", "r") as fp:
resp_val = fp.read().strip()
an = (None, DNSRR(rrname=pkt[DNSQR].qname, type=pkt[DNSQR].qtype, rdata=resp_val + ".actual." + domain_name, ttl=60))[rcode == 0]
resp_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
DNS(id=pkt[DNS].id, qr=1, rd=1, ra=1, rcode=rcode, qd=pkt[DNS].qd, an=an, ns=None)
send(resp_pkt, verbose=1)
sniff(filter=bpf_filter, prn=dns_respond)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment