Skip to content

Instantly share code, notes, and snippets.

@glenux
Last active July 21, 2024 09:20

Revisions

  1. glenux revised this gist Jan 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Faking DNS from userland.md
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,6 @@
    # Faking DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To give false DNS responses from userland we need to handle different type of syscalls : `gethostbyname()`, `gethostbyname2()`, `getaddrinfo()`, `getnameinfo()`, etc.
    To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.


  2. glenux revised this gist Jan 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Faking DNS from userland.md
    Original file line number Diff line number Diff line change
    @@ -1,7 +1,7 @@
    # Faking DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To cover all these cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.
    To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.


    ## Installation
  3. glenux revised this gist Jan 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Faking DNS from userland.md
    Original file line number Diff line number Diff line change
    @@ -1,7 +1,7 @@
    # Faking DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To cover all cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.
    To cover all these cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.


    ## Installation
  4. glenux revised this gist Jan 15, 2018. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions Faking DNS from userland.md
    Original file line number Diff line number Diff line change
    @@ -1,12 +1,12 @@
    # Faking DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To cover all cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss.
    To cover all cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.


    ## Installation

    Install libresolv_wrapper and libnss from sources
    Install [resolv_wrapper](https://cwrap.org/resolv_wrapper.html) and [nss_wrapper](https://cwrap.org/nss_wrapper.html), either from sources or from your favorite Linux distribution.


    ## Configuration
    @@ -15,7 +15,7 @@ Add the following content to your `.bashrc` (or .profile)

    ```
    export LD_PRELOAD
    export NSS_WRAPPER_HOSTS="$HOME/.hosts"
    export NSS_WRAPPER_HOSTS="$HOME/.fakehosts"
    export RESOLV_WRAPPER_HOSTS="$HOME/.fakedns"
    if [ -f "/usr/local/lib/libresolv_wrapper.so" ]; then
    @@ -31,7 +31,7 @@ fi

    ### Adding a fake DNS

    In your `~/.hosts` :
    In your `~/.fakehosts` :

    ```
    127.0.0.10 my-super-site.example.com www.my-super-site.example.com
  5. glenux renamed this gist Jan 15, 2018. 1 changed file with 0 additions and 0 deletions.
  6. glenux renamed this gist Jan 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion - → Faking DNS from userland
    Original file line number Diff line number Diff line change
    @@ -1,4 +1,4 @@
    # Fake DNS from userland
    # Faking DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To cover all cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss.
  7. glenux created this gist Jan 15, 2018.
    56 changes: 56 additions & 0 deletions -
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,56 @@
    # Fake DNS from userland

    To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc.
    To cover all cases, prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss.


    ## Installation

    Install libresolv_wrapper and libnss from sources


    ## Configuration

    Add the following content to your `.bashrc` (or .profile)

    ```
    export LD_PRELOAD
    export NSS_WRAPPER_HOSTS="$HOME/.hosts"
    export RESOLV_WRAPPER_HOSTS="$HOME/.fakedns"

    if [ -f "/usr/local/lib/libresolv_wrapper.so" ]; then
    LD_PRELOAD="/usr/local/lib/libresolv_wrapper.so $LD_PRELOAD"
    fi

    if [ -f "/usr/local/lib/libnss_wrapper.so" ]; then
    LD_PRELOAD="/usr/local/lib/libnss_wrapper.so $LD_PRELOAD"
    fi
    ```

    ## Usage

    ### Adding a fake DNS

    In your `~/.hosts` :

    ```
    127.0.0.10 my-super-site.example.com www.my-super-site.example.com
    192.168.33.100 fake-dns-for-real-site.com www.fake-dns-for-real-site.com
    ```

    and in file `~/.fakedns` :

    ```
    A my-super-site.example.com 127.0.0.10
    A www.my-super-site.example.com 127.0.0.10
    A fake-dns-for-real-site.com 192.168.33.100
    A www.fake-dns-for-real-site.com 192.168.33.100
    ```

    ### Using the fake DNS resolver

    1. First, make sure the environment variable LD_PRELOAD includes both libraries
    2. then run the program (ex: firefox, chrome) that should access to the fake DNS .