Here is how to fake DNS responses with dnschef.
about dnschef
http://thesprawl.org/projects/dnschef/
https://github.com/iphelix/dnschef
# git clone https://github.com/iphelix/dnschef.git
# ls
CHANGELOG dnschef.ini dnschef.py LICENSE README TODO
|
I installed the following python modules to run the script.
# pip install dnslib
# pip install IPy
|
edit /etc/resolv.conf
# grep -v ^# /etc/resolv.conf
nameserver 127.0.0.1
|
run the script as proxy mode
# ./dnschef.py
[*] DNSChef started on interface: 127.0.0.1
[*] Using the following nameservers: 8.8.8.8
[*] No parameters were specified. Running in full proxy mode
|
This is running as proxy mode.
If this script receives DNS queries destined to 127.0.0.1 port 53, this forwards those queries to 8.8.8.8.
~# dig @127.1 www.google.com +short
173.194.38.81
173.194.38.83
173.194.38.80
173.194.38.82
|
run the script as fake mode.
# ./dnschef.py --fakeip 127.0.0.10 -q
[*] DNSChef started on interface: 127.0.0.1
[*] Using the following nameservers: 8.8.8.8
[*] Cooking all A replies to point to 127.0.0.10
|
# dig @127.1 www.google.com +short
127.0.0.10
|
dnschef can fake a wide variety of RR types, such as A, AAAA, NS, CNAME etc.
There is a sample configuration “dnschef.ini” in the directory.
# less -X dnschef.ini
[A] # Queries for IPv4 address records
*.thesprawl.org=192.0.2.1
[AAAA] # Queries for IPv6 address records
*.thesprawl.org=2001:db8::1
|
# ./dnschef.py --file=dnschef.ini
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.