Alerts you if your DNS traffic is being intercepted, cached, or poisoned by a third party
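#!/bin/bash
# A big thank you to dnsparanoia.com for providing these services.
# This script lets a non-technical user test whether their DNS requests are
# being modified. Each test links to the dnsparanoia.com page that explains it.
#
# Every check is a heuristic that depends on the third-party dnsp.co test zone
# answering as those pages describe; an alert is a prompt to investigate, not
# proof of tampering.

# The DNS tests shell out to `host`. Without it the first test would stay
# silent (a false "all clear"), so stop with a clear error instead.
if ! command -v host > /dev/null 2>&1; then
  echo "[ERROR] 'host' command not found; DNS tests cannot run" >&2
  exit 2
fi

# https://dnsparanoia.com/debug_dns_that_should_fail.php
# fail.dnsp.co is meant NOT to resolve (per the linked page -- confirm). If the
# lookup succeeds anyway, something between this machine and the authoritative
# server supplied an answer, e.g. a resolver that rewrites failed lookups.
if host fail.dnsp.co > /dev/null 2>&1; then
  echo -e "\033[31;40m[ALERT] Potential of DNS Request Interception\033[0m"
fi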
# https://dnsparanoia.com/debug_dns_with_resolver.php
# Send the query for www.example.org straight to the dnsp.co server and look
# for the address 123.45.67.89 in the reply. The alert fires whenever that
# line is absent, so a lookup that fails outright (no network, blocked
# outbound DNS) raises it too -- rule that out before concluding a proxy
# is rewriting queries.
if ! host www.example.org dnsp.co | grep -q "has address 123.45.67.89" 2> /dev/null; then
  echo -e "\033[31;40m[ALERT] Possible Transparent Proxy Detected\033[0m"
fi
# Resolve 10.20.30.40.spec.dnsp.co through the system resolver and expect the
# reply to carry the address 10.20.30.40. A missing line raises the alert;
# that includes a lookup that fails for unrelated reasons, and possibly a
# resolver that filters private-range answers -- confirm before acting on it.
if ! host 10.20.30.40.spec.dnsp.co | grep -q "has address 10.20.30.40" 2> /dev/null; then
  echo -e "\033[31;40m[ALERT] Possible DNS Interception Detected\033[0m"
fi
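# https://dnsparanoia.com/debug_dns_with_random_response.php
# Look up the same name twice and compare the two replies. This assumes
# random.dnsp.co hands out a different answer on every query (as the linked
# page name suggests -- confirm): two IDENTICAL replies then mean the second
# one was served from a cache somewhere on the path. The earlier version
# alerted when the replies differed, which is the uncached (normal) case.
random_first=$(host random.dnsp.co 2> /dev/null)
random_first_status=$?
random_second=$(host random.dnsp.co 2> /dev/null)
random_second_status=$?

if [ "$random_first_status" -ne 0 ] || [ "$random_second_status" -ne 0 ]; then
  # Two failed lookups print the same error text; comparing them would look
  # like a cache hit, so report the test as inconclusive instead.
  echo "[WARN] Could not resolve random.dnsp.co; DNS caching test skipped" >&2
elif [ "$random_first" = "$random_second" ]; then
  echo -e "\033[31;40m[ALERT] Possible DNS Caching\033[0m"
fi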
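# https://dnsparanoia.com/debug_dns_with_random_cname.php
# Same idea as a random-answer test, but for CNAME records. This assumes
# rndname.dnsp.co returns a different alias on every query (as the linked page
# name suggests -- confirm): two IDENTICAL replies then point to a cached
# CNAME. The earlier version alerted when the replies differed, which is the
# uncached (normal) case.
rndname_first=$(host rndname.dnsp.co 2> /dev/null)
rndname_first_status=$?
rndname_second=$(host rndname.dnsp.co 2> /dev/null)
rndname_second_status=$?

if [ "$rndname_first_status" -ne 0 ] || [ "$rndname_second_status" -ne 0 ]; then
  # Two failed lookups print the same error text; comparing them would look
  # like a cache hit, so report the test as inconclusive instead.
  echo "[WARN] Could not resolve rndname.dnsp.co; CNAME caching test skipped" >&2
elif [ "$rndname_first" = "$rndname_second" ]; then
  echo -e "\033[31;40m[ALERT] Possible DNS CNAME Caching\033[0m"
fi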
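# curl verifies the server certificate against its configured CA bundle by
# default. This request is expected to FAIL that verification (assumes the
# endpoint presents a certificate no trusted CA signed -- the alert text
# implies self-signed; confirm). Exit status 0 therefore means the handshake
# was accepted, which points to one of:
#   - TLS is being intercepted and re-signed by a CA this machine trusts, or
#   - curl / the system is configured to skip certificate verification.
# Any other curl failure (timeout, refused connection, DNS error) is also
# non-zero and stays silent, so no alert here is not proof of a clean path.
# --max-time keeps a filtered port from stalling the script.
if curl --silent --max-time 15 https://www.whatismyproxy.com:8080 > /dev/null 2>&1; then
  echo -e "\033[31;40m[ALERT] Client is accepting self signed SSL certificates\033[0m"
fi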