Created
November 27, 2015 02:33
-
-
Save inaz2/74ee3af6842b7724a827 to your computer and use it in GitHub Desktop.
DNS server that always responds the same address
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| respond_addr = '127.0.0.1' | |
| def parse_qname(qname): | |
| labels = [] | |
| while qname: | |
| length = ord(qname[0]) | |
| label = qname[1:1+length] | |
| labels.append(label) | |
| qname = qname[1+length:] | |
| return '.'.join(labels) | |
| s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) | |
| s.bind(('', 53)) | |
| while True: | |
| data, addr = s.recvfrom(8192) | |
| header = struct.unpack('>HHHHHH', data[:12]) | |
| qname, data = data[12:].split('\x00', 1) | |
| qtype, qclass = struct.unpack('>HH', data[:4]) | |
| # respond with respond_addr only if qtype is A | |
| if qtype == 1: | |
| print "[+] %s %d %d (from %s)" % (parse_qname(qname), qtype, qclass, addr[0]) | |
| data = struct.pack('>HHHHHH', header[0], 0x8180, 1, 1, 0, 0) | |
| data += qname + '\x00' | |
| data += struct.pack('>HH', qtype, qclass) | |
| data += struct.pack('>HHHIH4s', 0xc00c, qtype, qclass, 86400, 4, socket.inet_aton(respond_addr)) | |
| else: | |
| print "[!] %s %d %d (from %s)" % (parse_qname(qname), qtype, qclass, addr[0]) | |
| data = struct.pack('>HHHHHH', header[0], 0x8180, 1, 0, 0, 0) | |
| data += qname + '\x00' | |
| data += struct.pack('>HH', qtype, qclass) | |
| s.sendto(data, addr) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| On server: | |
| $ sudo python dnsd.py | |
| [+] www.example.com 1 1 (from 127.0.0.1) | |
| [+] www.example.net 1 1 (from 127.0.0.1) | |
| [!] www.example.com 28 1 (from 127.0.0.1) | |
| On client: | |
| $ dig @localhost www.example.com A | |
| ; <<>> DiG 9.9.5-3ubuntu0.3-Ubuntu <<>> @localhost www.example.com A | |
| ; (2 servers found) | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4904 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; QUESTION SECTION: | |
| ;www.example.com. IN A | |
| ;; ANSWER SECTION: | |
| www.example.com. 86400 IN A 127.0.0.1 | |
| ;; Query time: 0 msec | |
| ;; SERVER: 127.0.0.1#53(127.0.0.1) | |
| ;; WHEN: Fri Nov 27 11:30:12 JST 2015 | |
| ;; MSG SIZE rcvd: 49 | |
| $ dig @localhost www.example.net A | |
| ; <<>> DiG 9.9.5-3ubuntu0.3-Ubuntu <<>> @localhost www.example.net A | |
| ; (2 servers found) | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47312 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; QUESTION SECTION: | |
| ;www.example.net. IN A | |
| ;; ANSWER SECTION: | |
| www.example.net. 86400 IN A 127.0.0.1 | |
| ;; Query time: 2 msec | |
| ;; SERVER: 127.0.0.1#53(127.0.0.1) | |
| ;; WHEN: Fri Nov 27 11:30:18 JST 2015 | |
| ;; MSG SIZE rcvd: 49 | |
| $ dig @localhost www.example.com AAAA | |
| ; <<>> DiG 9.9.5-3ubuntu0.3-Ubuntu <<>> @localhost www.example.com AAAA | |
| ; (2 servers found) | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9375 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; QUESTION SECTION: | |
| ;www.example.com. IN AAAA | |
| ;; Query time: 3 msec | |
| ;; SERVER: 127.0.0.1#53(127.0.0.1) | |
| ;; WHEN: Fri Nov 27 11:30:24 JST 2015 | |
| ;; MSG SIZE rcvd: 33 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment