Here is a sample script showing how to send DNS queries from one IP address to multiple IPs with Python and Scapy.
# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.10"
# apt-get install python-scapy
|
# cat send_queries_03.py -n
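#!/usr/bin/env python
"""Send numbered DNS queries from one source address to four DNS servers.

Each pass of the main loop sends one recursive query to 192.168.10.50,
.51, .52 and .53 in turn.  The query name is a per-server letter (a-d)
followed by the loop counter, under foo.com, so every query carries a
distinct name and a capture shows which server each one was aimed at.

Run with the privileges Scapy needs to send raw packets (typically root).
"""

# Import only the Scapy names this script uses instead of the whole namespace.
from scapy.all import DNS, DNSQR, IP, UDP, RandShort, sr1

# Source address written into the IP header of every query.  Answers are
# routed back to this address, so it is expected to be an address of the
# sending host itself.
SOURCE_IP = "192.168.10.15"


def _send_query(dst, label_prefix, counter):
    """Build one DNS query and send it to ``dst``.

    dst          -- IPv4 address of the DNS server to query (UDP port 53).
    label_prefix -- letter placed in front of ``counter`` in the query name.
    counter      -- number that makes the query name unique per iteration.

    The UDP source port and the DNS transaction id are both RandShort(),
    so they are drawn at random for each packet.
    """
    qname = "%s%s.foo.com" % (label_prefix, counter)
    packet = (
        IP(src=SOURCE_IP, dst=dst)
        / UDP(sport=RandShort(), dport=53)
        / DNS(rd=1, id=RandShort(), qd=DNSQR(qname=qname))
    )
    # 1 microsecond timeout, no retries, return value dropped: in practice
    # the query is sent and the answer is not waited for.
    sr1(packet, verbose=0, timeout=0.000001, retry=0)


def send_ip50(counter):
    """Query a<counter>.foo.com at 192.168.10.50."""
    _send_query("192.168.10.50", "a", counter)


def send_ip51(counter):
    """Query b<counter>.foo.com at 192.168.10.51."""
    _send_query("192.168.10.51", "b", counter)


def send_ip52(counter):
    """Query c<counter>.foo.com at 192.168.10.52."""
    _send_query("192.168.10.52", "c", counter)


def send_ip53(counter):
    """Query d<counter>.foo.com at 192.168.10.53."""
    _send_query("192.168.10.53", "d", counter)


if __name__ == '__main__':
    # One query per server per iteration, always in the order .50, .51, .52, .53.
    for i in range(0, 100000):
        send_ip50(i)
        send_ip51(i)
        send_ip52(i)
        send_ip53(i)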
|
capture data
# tcpdump -i br0 -n udp and dst port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:45:04.042689 IP 192.168.10.15.13123 > 192.168.10.53.domain: 60431+ A? d828.foo.com. (30)
23:45:04.042845 IP 192.168.10.11.62606 > 192.168.10.15.domain: 12062+ [1au] A? d828.foo.com. (41)
23:45:04.098405 IP 192.168.10.15.12479 > 192.168.10.50.domain: 36773+ A? a829.foo.com. (30)
23:45:04.098554 IP 192.168.10.11.26948 > 192.168.10.15.domain: 32326+ [1au] A? a829.foo.com. (41)
23:45:04.154371 IP 192.168.10.15.37971 > 192.168.10.51.domain: 47661+ A? b829.foo.com. (30)
23:45:04.154524 IP 192.168.10.11.22917 > 192.168.10.15.domain: 55193+ [1au] A? b829.foo.com. (41)
23:45:04.218333 IP 192.168.10.15.48133 > 192.168.10.52.domain: 7299+ A? c829.foo.com. (30)
a830.foo.com. (41)
23:45:04.430456 IP 192.168.10.15.36751 > 192.168.10.51.domain: 49019+ A? b830.foo.com. (30)
23:45:04.430602 IP 192.168.10.11.61530 > 192.168.10.15.domain: 21721+ [1au] A? b830.foo.com. (41)
23:45:04.486421 IP 192.168.10.15.12881 > 192.168.10.52.domain: 23496+ A? c830.foo.com. (30)
23:45:04.486567 IP 192.168.10.11.40049 > 192.168.10.15.domain: 15839+ [1au] A? c830.foo.com. (41)
23:45:04.546634 IP 192.168.10.15.4886 > 192.168.10.53.domain: 57954+ A? d830.foo.com. (30)
23:45:04.546786 IP 192.168.10.11.30473 > 192.168.10.15.domain: 32175+ [1au] A? d830.foo.com. (41)
|