lost and found ( for me ? )

Python scapy: build DNS packets

[ DNS ]

Send DNS queries from a spoofed source IP with scapy. The source address is set by hand in the IP() layer, so the server's reply is addressed to the spoofed host rather than to us; sr1() still picks it up here only because the reply is sent back out over the same interface (virbr0) that scapy is sniffing on. For a target that is not on a local segment you would only see the query in a capture on the server side, never the answer.

send an A query
>>> sr1(IP(src="123.123.123.123",dst="192.168.0.100")/UDP(sport=12345, dport=53)/DNS(rd=1,qd=DNSQR(qname="foo.bar",qtype="A",qclass="IN")),iface="virbr0")
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP  version=4L ihl=5L tos=0x0 len=128 id=0 flags=DF frag=0L ttl=64 proto=udp chksum=0x84f src=192.168.0.100 dst=123.123.123.123 options=[] |<UDP  sport=domain dport=12345 len=108 chksum=0x329c |<DNS  id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR  qname='foo.bar.' qtype=A qclass=IN |> an=None ns=<DNSRR  rrname='.' type=SOA rclass=IN ttl=9868 rdata='\x01a\x0croot-servers\x03net\x00\x05nstld\x0cverisign-grs\x03com\x00w\xfd\x83\x99\x00\x00\x07\x08\x00\x00\x03\x84\x00\t:\x80\x00\x01Q\x80' |> ar=None |>>>
>>>

send an MX query (qclass defaults to IN, so it can be left out)
>>> sr1(IP(src="12.12.12.12",dst="192.168.0.100")/UDP(sport=12345, dport=53)/DNS(rd=1,qd=DNSQR(qname="foo.bar",qtype="MX")),iface="virbr0")
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP  version=4L ihl=5L tos=0x0 len=128 id=0 flags=DF frag=0L ttl=64 proto=udp chksum=0xe72d src=192.168.0.100 dst=12.12.12.12 options=[] |<UDP  sport=domain dport=12345 len=108 chksum=0x53bd |<DNS  id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR  qname='foo.bar.' qtype=MX qclass=IN |> an=None ns=<DNSRR  rrname='.' type=SOA rclass=IN ttl=9779 rdata='\x01a\x0croot-servers\x03net\x00\x05nstld\x0cverisign-grs\x03com\x00w\xfd\x83\x99\x00\x00\x07\x08\x00\x00\x03\x84\x00\t:\x80\x00\x01Q\x80' |> ar=None |>>>
>>>

capture data (both queries arrive with the spoofed source address, and the NXDOMAIN answers are sent back to it)
58.418265  12.12.12.12 -> 192.168.0.100 DNS Standard query A foo.bar
58.418430 192.168.0.100 -> 12.12.12.12  DNS Standard query response, No such name
63.510118  12.12.12.12 -> 192.168.0.100 DNS Standard query MX foo.bar
63.511398 192.168.0.100 -> 12.12.12.12  DNS Standard query response, No such name



>>> src_list = ["1.1.1.1","2.2.2.2","3.3.3.3","4.4.4.4","5.5.5.5","6.6.6.6","7.7.7.7","8.8.8.8"]
>>> for i in src_list:
...     p=sr1(IP(src="%s" % i ,dst="192.168.0.100")/UDP(sport=12345, dport=53)/DNS(rd=1,qd=DNSQR(qname="foo.bar",qtype="A")),iface="virbr0")
...
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
Begin emission:
Finished to send 1 packets.
*

capture data
286.646114      1.1.1.1 -> 192.168.0.100 DNS Standard query A foo.bar
286.647411 192.168.0.100 -> 1.1.1.1      DNS Standard query response, No such name
286.659434      2.2.2.2 -> 192.168.0.100 DNS Standard query A foo.bar
286.659530 192.168.0.100 -> 2.2.2.2      DNS Standard query response, No such name
286.691625      3.3.3.3 -> 192.168.0.100 DNS Standard query A foo.bar
286.691730 192.168.0.100 -> 3.3.3.3      DNS Standard query response, No such name
286.711917      4.4.4.4 -> 192.168.0.100 DNS Standard query A foo.bar
286.712063 192.168.0.100 -> 4.4.4.4      DNS Standard query response, No such name
286.731823      5.5.5.5 -> 192.168.0.100 DNS Standard query A foo.bar
286.731947 192.168.0.100 -> 5.5.5.5      DNS Standard query response, No such name

use range() to generate the source addresses; this time sr() is used instead of sr1(), and the DNS transaction ID is set explicitly with id=100 (scapy's default is 0)
>>> for i in range(1,10):
...     p=sr(IP(src="%s.168.100.%s" % (i,i),dst="192.168.0.100")/UDP(sport=12345, dport=53)/DNS(id=100,rd=1,qd=DNSQR(qname="foo.bar",qtype="A")),iface="virbr0")
...
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
Begin emission:
Finished to send 1 packets.

# tshark -i eth1 port 53
Capturing on eth1
 0.000000  1.168.100.1 -> 192.168.0.100 DNS Standard query A foo.bar
 0.000171 192.168.0.100 -> 1.168.100.1  DNS Standard query response, No such name
 0.014239  2.168.100.2 -> 192.168.0.100 DNS Standard query A foo.bar
 0.014353 192.168.0.100 -> 2.168.100.2  DNS Standard query response, No such name
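The scapy calls above hide the wire format. As an added example that is not part of the original post, here is a standard-library-only builder and parser for the DNS payload that DNS(rd=1, qd=DNSQR(qname="foo.bar", qtype="A")) produces, plus a constructed copy of the NXDOMAIN reply seen in the captures (rcode name-error, no answers, an SOA for "." in the authority section with the rdata and ttl 9868 shown above). The constructed reply bytes, the function names and the unspoofed query_over_udp() helper are assumptions made for this example; sending from a spoofed source still needs raw sockets, which is what scapy's IP()/UDP() layers provide.

```python
# Added example, not code from the original post. Builds and parses the DNS
# payload that scapy's DNS()/DNSQR() layers generate; the NXDOMAIN reply is
# constructed here to mirror the page's capture, not received from a server.
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "TXT": 16, "AAAA": 28}
RCODE = {0: "ok", 1: "format-error", 2: "server-failure",
         3: "name-error", 4: "not-implemented", 5: "refused"}


def encode_name(name):
    """'foo.bar' -> b'\\x03foo\\x03bar\\x00' (length-prefixed labels)."""
    name = name.rstrip(".")
    if not name:                       # the root name is a single zero byte
        return b"\x00"
    out = b""
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype="A", txid=0, rd=True):
    """12-byte header + one question, like scapy's DNS(id=txid, rd=1, qd=DNSQR(...))."""
    flags = 0x0100 if rd else 0        # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(data, offset):
    """Read a (possibly compressed) name at offset; return (dotted name, next offset)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:      # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2       # a pointer terminates the name in the stream
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(data):
    """Header, question and all RR sections; rdata is returned raw."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset, questions, records = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        qtype, _qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an + ns + ar):
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        records.append((name, rtype, ttl, data[offset:offset + rdlen]))
        offset += rdlen
    return {"id": txid, "qr": (flags >> 15) & 1,
            "rcode": RCODE.get(flags & 0xF, str(flags & 0xF)),
            "questions": questions, "answers": records[:an],
            "authority": records[an:an + ns], "additional": records[an + ns:]}


def parse_soa(rdata):
    """MNAME, RNAME and the five 32-bit counters of an SOA rdata blob."""
    mname, off = decode_name(rdata, 0)
    rname, off = decode_name(rdata, off)
    serial, refresh, retry, expire, minimum = struct.unpack("!IIIII", rdata[off:off + 20])
    return {"mname": mname, "rname": rname, "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}


def build_nxdomain_response(query):
    """Constructed reply mirroring the capture: qr=1 rd=1 ra=1 rcode=name-error (0x8183),
    no answers, one SOA for '.' in the authority section with ttl 9868."""
    txid = struct.unpack("!H", query[:2])[0]
    soa = (encode_name("a.root-servers.net") + encode_name("nstld.verisign-grs.com")
           + struct.pack("!IIIII", 2013103001, 1800, 900, 604800, 86400))
    header = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 1, 0)
    authority = b"\x00" + struct.pack("!HHIH", QTYPE["SOA"], 1, 9868, len(soa)) + soa
    return header + query[12:] + authority


def query_over_udp(server, qname, qtype="A", timeout=2.0):
    """Unspoofed variant: send build_query() over a normal UDP socket and parse the reply."""
    q = build_query(qname, qtype, txid=0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:              # drop replies whose transaction ID does not match
        raise ValueError("transaction id mismatch")
    return parse_response(data)
```

parse_response(build_nxdomain_response(build_query("foo.bar", "A"))) gives rcode "name-error" with an empty answer section and one authority record whose rdata parse_soa() decodes to mname a.root-servers.net., serial 2013103001 and minimum 86400, which is exactly the SOA blob scapy printed above. The transaction ID check in query_over_udp() is the minimum a real client does; the spoofed queries on this page deliberately use a fixed ID (0 or 100) and a fixed source port (12345), which is why this kind of traffic is easy to pick out in a capture.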
