Skip to content

Instantly share code, notes, and snippets.

@gema-arta

gema-arta/Faking DNS from userland.md

Forked from glenux/Faking DNS from userland.md
Created February 1, 2022 17:07
Show Gist options
  • Save gema-arta/8f14ce31d97fe93d8ef73b8c1fba2d2a to your computer and use it in GitHub Desktop.
Save gema-arta/8f14ce31d97fe93d8ef73b8c1fba2d2a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Faking DNS from userland.md

Faking DNS from userland

To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc. To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.

Installation

Install resolv_wrapper and nss_wrapper, either from sources or from your favorite Linux distribution.

Configuration

Add the following content to your .bashrc (or .profile)

export LD_PRELOAD
export NSS_WRAPPER_HOSTS="$HOME/.fakehosts"
export RESOLV_WRAPPER_HOSTS="$HOME/.fakedns"

if [ -f "/usr/local/lib/libresolv_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libresolv_wrapper.so $LD_PRELOAD"
fi

if [ -f "/usr/local/lib/libnss_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libnss_wrapper.so $LD_PRELOAD"
fi

Usage

Adding a fake DNS

In your ~/.fakehosts :

127.0.0.10      my-super-site.example.com www.my-super-site.example.com
192.168.33.100   fake-dns-for-real-site.com   www.fake-dns-for-real-site.com

and in file ~/.fakedns :

A   my-super-site.example.com 127.0.0.10
A   www.my-super-site.example.com 127.0.0.10
A   fake-dns-for-real-site.com 192.168.33.100
A   www.fake-dns-for-real-site.com        192.168.33.100

Using the fake DNS resolver

  1. First, make sure the environment variable LD_PRELOAD includes both libraries
  2. then run the program (ex: firefox, chrome) that should access to the fake DNS .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment