DNS Poisoning Tool
|
This package includes all methos to execute the poisoning attack. More...
Classes | |
class | AttackType |
Perform the type of attack to perform. More... | |
class | InvalidMAC |
Raised when an invalid MAC address is provided. More... | |
Public Member Functions | |
def | __init__ (self, victim_server, spoofed_domain, attacker_ip, authoritative_ns, initial_id=None, sport=53, ttl=30000, victim_mac=None, nic_interface=None, socket=None, attack_type=AttackType.NORMAL, interrupt_handler=None, log=lambda msg:None) |
Constructor. More... | |
def | set_interface (self, interface) |
Set Interface. More... | |
def | set_victim_mac (self, victim_mac) |
Set Victim MAC address. More... | |
def | set_random_url (self, url) |
Set the random URL to be used during the attack. More... | |
def | set_id (self, id) |
Set the ID to be used during the attack. More... | |
def | set_attack_type (self, attack_type) |
Set the attck type. More... | |
def | open_socket (self) |
Open Socket. More... | |
def | create_socket (self, interface) |
Create Socket. More... | |
def | get_classical_response (self, ID=None, victim_mac=None) |
Return the classical response used in "Classical Attack". More... | |
def | get_dan_response (self, ID=None, victim_mac=None) |
Return the crafted response used in "Dan's Attack". More... | |
def | faster_flooding (self, victim_mac=None, nic_interface=None) |
Faster Flooding Mode. More... | |
def | start_flooding (self, number_of_guess=2, spacing=None, socket=None) |
Start Flooding. More... | |
def | stop_handler (self, sig, frame) |
Stop Handler. More... | |
Public Attributes | |
victim_server | |
Victim Server IP. | |
spoofed_domain | |
Target domain to spoof. | |
attacker_ip | |
IP of the Attacker. | |
sport | |
Source Port of the target DNS. | |
ttl | |
TTL Value to be used in the response. | |
nic_interface | |
Network Interface card to use. | |
auth_nameserver | |
Authoritative nameserver. | |
source_port | |
DNS Request source port. | |
flood_pool | |
flood_socket | |
attack_type | |
Specify the attack type to perform. | |
id | |
random_url | |
Invalid URL used in the attack. | |
victim_mac | |
log | |
Logging Function. | |
interrupt_handler | |
Handler of CTRL+C. | |
This package includes all methos to execute the poisoning attack.
DNSPoisoning.faster_flooding sends packet at layer two (for this reason it requires both victim MAC and network interface specified) , making the attack faster and more prone to succed. However this feature can be used only when the victim server is on the same network of the attacker.
DNSPoisoning.start_flooding instead uses the IP layer and therefore can be applied in any situation.
Two types of attack are implemented:
The first one only tries to spoof a single domain (the one setted in the "spoofed_domain") while the other one tries to spoof the NS server.
Note: The class by default prints output formatted for the blessing library. That's why inside messages some strings like "{t.bold}" may appear. If you want to use coloured output, write a log function that format messages with a blessing instance. Otherwise write a regex to suppress those strings from output. Take look at the function present in the main.py for example.
def dns_poisoning.DNSPoisoning.__init__ | ( | self, | |
victim_server, | |||
spoofed_domain, | |||
attacker_ip, | |||
authoritative_ns, | |||
initial_id = None , |
|||
sport = 53 , |
|||
ttl = 30000 , |
|||
victim_mac = None , |
|||
nic_interface = None , |
|||
socket = None , |
|||
attack_type = AttackType.NORMAL , |
|||
interrupt_handler = None , |
|||
log = lambda msg: None |
|||
) |
Constructor.
victim_server | The IP of the server to attack |
attacker_ip | The IP of the attacker |
spoofed_domain | The domain that the tool tries to spoof |
authoritative_ns | The authoritative nameserver for the target domain |
initial_id | The ID to use for guessing the response TXID. If not specified random ID is used |
sport | The source port used by the server to send query |
ttl | The TTL value to put into the relative DNS field. (Default 30000) |
victim_mac | The victim server MAC address (Only needed for "faster flood" mode). |
nic_interface | The Network Card Interface to use (Reccomended on "faster flood" mode) The type of attack to perform, see DNSPoisoning.AttackType for additional references |
interrupt_handler | The function that handle the CTRL+C signal |
log | The function used to print messages |
def dns_poisoning.DNSPoisoning.create_socket | ( | self, | |
interface | |||
) |
Create Socket.
Create a socket on the specified interface
Interface | where the socket should be created |
def dns_poisoning.DNSPoisoning.faster_flooding | ( | self, | |
victim_mac = None , |
|||
nic_interface = None |
|||
) |
Faster Flooding Mode.
Send Crafted Packet via Ethernet packets
victim_mac | The victim DNS server MAC address. If none is specified the one setted in the contructor will be used. |
nic_interface | The network interface to use. If none is specified the one setted in the contructor will be used. |
This funciton floods the request using layer two packet, which is generally faster than using a normal IP.
def dns_poisoning.DNSPoisoning.get_classical_response | ( | self, | |
ID = None , |
|||
victim_mac = None |
|||
) |
Return the classical response used in "Classical Attack".
ID | int Specify the ID to use |
victim_mac | The victim MAC address |
If no ID is specified the one inside the class attribute is used.
If no victim_mac is specified the response will not include the Ethernet Layer.
When using "faster flood" mode the victim_mac should be provided in order to craft the Ethernet layer. Otherwise only layer 3 will be used.
DNS Crafted response:
def dns_poisoning.DNSPoisoning.get_dan_response | ( | self, | |
ID = None , |
|||
victim_mac = None |
|||
) |
Return the crafted response used in "Dan's Attack".
ID | int Specify the ID to use |
victim_mac | The victim MAC address |
If no ID is specified the one inside the class attribute is used.
If no victim_mac is specified the response will not include the Ethernet Layer.
When using "faster flood" mode the victim_mac should be provided in order to craft the Ethernet layer. Otherwise only layer 3 will be used.
DNS Crafted response:
def dns_poisoning.DNSPoisoning.open_socket | ( | self | ) |
Open Socket.
Open a socket for flooding
Open a socket for flooding packets instead of creating a new one for each request.
def dns_poisoning.DNSPoisoning.set_attack_type | ( | self, | |
attack_type | |||
) |
Set the attck type.
attack_type | (DNSPoisoning.AttackType) Specify the type of attack to perform |
def dns_poisoning.DNSPoisoning.set_id | ( | self, | |
id | |||
) |
Set the ID to be used during the attack.
id | (int) The ID to set |
def dns_poisoning.DNSPoisoning.set_interface | ( | self, | |
interface | |||
) |
Set Interface.
Set the network interface
interface | The network interface to use |
def dns_poisoning.DNSPoisoning.set_random_url | ( | self, | |
url | |||
) |
Set the random URL to be used during the attack.
url | The URL to set |
def dns_poisoning.DNSPoisoning.set_victim_mac | ( | self, | |
victim_mac | |||
) |
Set Victim MAC address.
victim_mac | The MAC address to set Set Victim MAC address. This option is only required in "faster flooding" mode. |
Raise DNSPoisoning::InvalidMAC when an invalid MAC is supplied
def dns_poisoning.DNSPoisoning.start_flooding | ( | self, | |
number_of_guess = 2 , |
|||
spacing = None , |
|||
socket = None |
|||
) |
Start Flooding.
Start normal flooding attack
number_of_guess | Number of response to send (Default 10) |
spacing | The value to be added to the initial TXID (Default 2) |
socket | The socket to be used, if none is passed then a new socket is opened |
Start the normal flooding attack which uses IP layer packets
def dns_poisoning.DNSPoisoning.stop_handler | ( | self, | |
sig, | |||
frame | |||
) |
Stop Handler.
Function called when CTRL+C is pressed