|
DNS Poisoning Tool
|
This package includes all methos to execute the poisoning attack. More...
Classes | |
| class | AttackType |
| Perform the type of attack to perform. More... | |
| class | InvalidMAC |
| Raised when an invalid MAC address is provided. More... | |
Public Member Functions | |
| def | __init__ (self, victim_server, spoofed_domain, attacker_ip, authoritative_ns, initial_id=None, sport=53, ttl=30000, victim_mac=None, nic_interface=None, socket=None, attack_type=AttackType.NORMAL, interrupt_handler=None, log=lambda msg:None) |
| Constructor. More... | |
| def | set_interface (self, interface) |
| Set Interface. More... | |
| def | set_victim_mac (self, victim_mac) |
| Set Victim MAC address. More... | |
| def | set_random_url (self, url) |
| Set the random URL to be used during the attack. More... | |
| def | set_id (self, id) |
| Set the ID to be used during the attack. More... | |
| def | set_attack_type (self, attack_type) |
| Set the attck type. More... | |
| def | open_socket (self) |
| Open Socket. More... | |
| def | create_socket (self, interface) |
| Create Socket. More... | |
| def | get_classical_response (self, ID=None, victim_mac=None) |
| Return the classical response used in "Classical Attack". More... | |
| def | get_dan_response (self, ID=None, victim_mac=None) |
| Return the crafted response used in "Dan's Attack". More... | |
| def | faster_flooding (self, victim_mac=None, nic_interface=None) |
| Faster Flooding Mode. More... | |
| def | start_flooding (self, number_of_guess=2, spacing=None, socket=None) |
| Start Flooding. More... | |
| def | stop_handler (self, sig, frame) |
| Stop Handler. More... | |
Public Attributes | |
| victim_server | |
| Victim Server IP. | |
| spoofed_domain | |
| Target domain to spoof. | |
| attacker_ip | |
| IP of the Attacker. | |
| sport | |
| Source Port of the target DNS. | |
| ttl | |
| TTL Value to be used in the response. | |
| nic_interface | |
| Network Interface card to use. | |
| auth_nameserver | |
| Authoritative nameserver. | |
| source_port | |
| DNS Request source port. | |
| flood_pool | |
| flood_socket | |
| attack_type | |
| Specify the attack type to perform. | |
| id | |
| random_url | |
| Invalid URL used in the attack. | |
| victim_mac | |
| log | |
| Logging Function. | |
| interrupt_handler | |
| Handler of CTRL+C. | |
This package includes all methos to execute the poisoning attack.
DNSPoisoning.faster_flooding sends packet at layer two (for this reason it requires both victim MAC and network interface specified) , making the attack faster and more prone to succed. However this feature can be used only when the victim server is on the same network of the attacker.
DNSPoisoning.start_flooding instead uses the IP layer and therefore can be applied in any situation.
Two types of attack are implemented:
The first one only tries to spoof a single domain (the one setted in the "spoofed_domain") while the other one tries to spoof the NS server.
Note: The class by default prints output formatted for the blessing library. That's why inside messages some strings like "{t.bold}" may appear. If you want to use coloured output, write a log function that format messages with a blessing instance. Otherwise write a regex to suppress those strings from output. Take look at the function present in the main.py for example.
| def dns_poisoning.DNSPoisoning.__init__ | ( | self, | |
| victim_server, | |||
| spoofed_domain, | |||
| attacker_ip, | |||
| authoritative_ns, | |||
initial_id = None, |
|||
sport = 53, |
|||
ttl = 30000, |
|||
victim_mac = None, |
|||
nic_interface = None, |
|||
socket = None, |
|||
attack_type = AttackType.NORMAL, |
|||
interrupt_handler = None, |
|||
log = lambda msg: None |
|||
| ) |
Constructor.
| victim_server | The IP of the server to attack |
| attacker_ip | The IP of the attacker |
| spoofed_domain | The domain that the tool tries to spoof |
| authoritative_ns | The authoritative nameserver for the target domain |
| initial_id | The ID to use for guessing the response TXID. If not specified random ID is used |
| sport | The source port used by the server to send query |
| ttl | The TTL value to put into the relative DNS field. (Default 30000) |
| victim_mac | The victim server MAC address (Only needed for "faster flood" mode). |
| nic_interface | The Network Card Interface to use (Reccomended on "faster flood" mode) The type of attack to perform, see DNSPoisoning.AttackType for additional references |
| interrupt_handler | The function that handle the CTRL+C signal |
| log | The function used to print messages |
| def dns_poisoning.DNSPoisoning.create_socket | ( | self, | |
| interface | |||
| ) |
Create Socket.
Create a socket on the specified interface
| Interface | where the socket should be created |
| def dns_poisoning.DNSPoisoning.faster_flooding | ( | self, | |
victim_mac = None, |
|||
nic_interface = None |
|||
| ) |
Faster Flooding Mode.
Send Crafted Packet via Ethernet packets
| victim_mac | The victim DNS server MAC address. If none is specified the one setted in the contructor will be used. |
| nic_interface | The network interface to use. If none is specified the one setted in the contructor will be used. |
This funciton floods the request using layer two packet, which is generally faster than using a normal IP.
| def dns_poisoning.DNSPoisoning.get_classical_response | ( | self, | |
ID = None, |
|||
victim_mac = None |
|||
| ) |
Return the classical response used in "Classical Attack".
| ID | int Specify the ID to use |
| victim_mac | The victim MAC address |
If no ID is specified the one inside the class attribute is used.
If no victim_mac is specified the response will not include the Ethernet Layer.
When using "faster flood" mode the victim_mac should be provided in order to craft the Ethernet layer. Otherwise only layer 3 will be used.
DNS Crafted response:
| def dns_poisoning.DNSPoisoning.get_dan_response | ( | self, | |
ID = None, |
|||
victim_mac = None |
|||
| ) |
Return the crafted response used in "Dan's Attack".
| ID | int Specify the ID to use |
| victim_mac | The victim MAC address |
If no ID is specified the one inside the class attribute is used.
If no victim_mac is specified the response will not include the Ethernet Layer.
When using "faster flood" mode the victim_mac should be provided in order to craft the Ethernet layer. Otherwise only layer 3 will be used.
DNS Crafted response:
| def dns_poisoning.DNSPoisoning.open_socket | ( | self | ) |
Open Socket.
Open a socket for flooding
Open a socket for flooding packets instead of creating a new one for each request.
| def dns_poisoning.DNSPoisoning.set_attack_type | ( | self, | |
| attack_type | |||
| ) |
Set the attck type.
| attack_type | (DNSPoisoning.AttackType) Specify the type of attack to perform |
| def dns_poisoning.DNSPoisoning.set_id | ( | self, | |
| id | |||
| ) |
Set the ID to be used during the attack.
| id | (int) The ID to set |
| def dns_poisoning.DNSPoisoning.set_interface | ( | self, | |
| interface | |||
| ) |
Set Interface.
Set the network interface
| interface | The network interface to use |
| def dns_poisoning.DNSPoisoning.set_random_url | ( | self, | |
| url | |||
| ) |
Set the random URL to be used during the attack.
| url | The URL to set |
| def dns_poisoning.DNSPoisoning.set_victim_mac | ( | self, | |
| victim_mac | |||
| ) |
Set Victim MAC address.
| victim_mac | The MAC address to set Set Victim MAC address. This option is only required in "faster flooding" mode. |
Raise DNSPoisoning::InvalidMAC when an invalid MAC is supplied
| def dns_poisoning.DNSPoisoning.start_flooding | ( | self, | |
number_of_guess = 2, |
|||
spacing = None, |
|||
socket = None |
|||
| ) |
Start Flooding.
Start normal flooding attack
| number_of_guess | Number of response to send (Default 10) |
| spacing | The value to be added to the initial TXID (Default 2) |
| socket | The socket to be used, if none is passed then a new socket is opened |
Start the normal flooding attack which uses IP layer packets
| def dns_poisoning.DNSPoisoning.stop_handler | ( | self, | |
| sig, | |||
| frame | |||
| ) |
Stop Handler.
Function called when CTRL+C is pressed
1.8.13