small tips
root@ubuntu:~# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"
root@ubuntu:~# uname -ri
3.8.0-25-generic x86_64
root@ubuntu:~#
# apt-get install python-scapy
|
With scapy, you can generate a wide variety of packets.
# cat -n dns_send_quereis.py
1
2
3 #!/usr/bin/env python
4 from scapy.all import *
5
6 domain = "foo.bar"
7
8 for i in range(0,10):
9 s = RandString(RandNum(1,10))
10 s1 = s.lower()
11 q = s1 + "." + domain
12 packet = (IP(src="192.168.11.5",dst="192.168.11.1")/UDP(sport=RandShort())/DNS(id=1000,rd=1,qd=DNSQR(qname=q)))
13 res = sr(packet)
|
The following is capture data when generating DNS queries.
# tshark -r aa.pcap -R '(ip.dst==192.168.11.1)'
1 0.000000000 192.168.11.5 -> 192.168.11.1 DNS 78 Standard query 0x03e8 A t1kf9c2sb8.foo.bar
3 0.048929000 192.168.11.5 -> 192.168.11.1 DNS 74 Standard query 0x03e8 A p5hpfp.foo.bar
5 0.201269000 192.168.11.5 -> 192.168.11.1 DNS 78 Standard query 0x03e8 A 3icf8bavow.foo.bar
7 0.270188000 192.168.11.5 -> 192.168.11.1 DNS 76 Standard query 0x03e8 A ajjpm3s9.foo.bar
9 0.307058000 192.168.11.5 -> 192.168.11.1 DNS 71 Standard query 0x03e8 A ljs.foo.bar
11 0.404297000 192.168.11.5 -> 192.168.11.1 DNS 76 Standard query 0x03e8 A brqoaf8p.foo.bar
13 0.461205000 192.168.11.5 -> 192.168.11.1 DNS 74 Standard query 0x03e8 A xtr5js.foo.bar
|
send malformed DNS queries
# cat -n dns_send_quereis_02.py
1 #!/usr/bin/env python
2
3 from scapy.all import *
4
5 domain = "foo.bar"
6
7 for i in range(0,10):
8 s = RandString(RandNum(1,10))
9 s1 = s.lower()
10 q = s1 + "." + domain
11 packet = (IP(src="192.168.11.5",dst="192.168.11.1")/UDP(sport=RandShort())/DNS(id=1,rd=1,tc=1,ra=1,z=1,qdcount=1,ancount=1,nscount=1,arcount=1,qd=DNSQR(qname=q,qtype="A",qclass="IN")))
12 res = sr(packet)
|
cap data.
Domain Name System (query)
Transaction ID: 0x0001
Flags: 0x0390 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..1. .... .... = Truncated: Message is truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data: Acceptable
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
50ese2.foo.bar: type A, class IN
Name: 50ese2.foo.bar
Type: A (Host address)
Class: IN (0x0001)
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.