lost and found ( for me ? )

python scapy : send fake DNS responses


# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

# dpkg -l python-scapy
ii  python-scapy                2.2.0-1            all                Packet generator/sniffer and network scanner/discovery


Here is a sample script showing how to send fake DNS responses.
The script answers every query it sees with four fake NS records in the authority section (no answer and no additional records).
# cat fake_DNS.py
#!/usr/bin/env python

from scapy.all import *
import random
import string

domain = 'bar.com'

def id_generator(size=6, chars=string.ascii_lowercase):
    # random lowercase label used to build the fake name server names
    return ''.join(random.choice(chars) for _ in range(size))

def dns_spoof(pkt):
    # the sniff filter also captures replies (source port 53); only answer queries
    # to answer only one zone, use instead:
    #    if pkt.dport == 53 and domain in pkt[DNS].qd.qname:
    if pkt.dport == 53 and pkt.haslayer(IP) and pkt.haslayer(DNS):
        qname = pkt[DNS].qd.qname
        # build ns1..ns4.<random>.com NS records for the queried name
        ns_rrs = None
        for i in range(1, 5):
            rr = DNSRR(rrname=qname, type='NS', ttl=3600,
                       rdata='ns%d.%s.com' % (i, id_generator()))
            ns_rrs = rr if ns_rrs is None else ns_rrs / rr
        # reply from the queried address to the querier, reusing its transaction id
        spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) / \
                      UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) / \
                      DNS(id=pkt[DNS].id, qr=1, aa=0, qd=pkt[DNS].qd,
                          qdcount=1, ancount=0, nscount=4, arcount=0,
                          an=None, ns=ns_rrs)
        send(spoofed_pkt)

sniff(filter='udp port 53', iface='eth0', store=0, prn=dns_spoof)


Run the script.
# python fake_DNS.py
WARNING: No route found for IPv6 destination :: (no default route?)


Send DNS queries to the machine on which the script is running.


The script returns ns1-ns4.<random>.com as the name servers in the authority section of every reply.
There are no answer records and no additional (glue) records.
$ dig @192.168.122.5 foo.com

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.122.5 foo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31796
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.com. IN A

;; AUTHORITY SECTION:
foo.com. 3600 IN NS ns1.zsblef.com.
foo.com. 3600 IN NS ns2.loooqo.com.
foo.com. 3600 IN NS ns3.brrppi.com.
foo.com. 3600 IN NS ns4.yjeger.com.

$ dig @192.168.122.5 goooogle.com

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @192.168.122.5 goooogle.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 941
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;goooogle.com. IN A

;; AUTHORITY SECTION:
goooogle.com. 3600 IN NS ns1.bqurdm.com.
goooogle.com. 3600 IN NS ns2.zwitma.com.
goooogle.com. 3600 IN NS ns3.gmdcjr.com.
goooogle.com. 3600 IN NS ns4.ltctmg.com.
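Added example, not part of the original post: a standard-library-only decoder for the reply shape shown above, so a captured DNS response can be checked without dig for the same fingerprint (qr set, aa clear, empty answer, NS records in authority, no glue in additional). build_ns_referral only constructs a sample message in that shape; the transaction id and the name server names are taken from the first dig run and are constructed test data.

```python
import struct

def encode_name(name):
    """Dotted name -> DNS wire-format labels (no compression)."""
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in name.rstrip('.').split('.')) + b'\x00'

def decode_name(msg, off):
    """Read a name at msg[off], following 0xC0 compression pointers; returns (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # pointer: the name continues elsewhere
            end = end if end is not None else off + 2
            off = struct.unpack('!H', msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode('ascii'))
        off += n
    return '.'.join(labels) + '.', (off if end is None else end)

def build_ns_referral(txid, qname, ns_targets, ttl=3600):
    """Constructed sample in the shape fake_DNS.py sends: qr=1, aa=0, empty answer, NS RRs in authority, no additional."""
    hdr = struct.pack('!HHHHHH', txid, 0x8000, 1, 0, len(ns_targets), 0)
    question = encode_name(qname) + struct.pack('!HH', 1, 1)                  # qtype A, class IN
    rrs = [(encode_name(qname), encode_name(t)) for t in ns_targets]           # (owner, rdata) per NS RR
    return hdr + question + b''.join(o + struct.pack('!HHIH', 2, 1, ttl, len(rd)) + rd for o, rd in rrs)

def parse_response(msg):
    """Decode header, question and all three RR sections of a single-question DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack('!HHHHHH', msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4                                                                   # skip qtype, qclass
    sections = {'answer': [], 'authority': [], 'additional': []}
    for sec, count in (('answer', an), ('authority', ns), ('additional', ar)):
        for _ in range(count):
            owner, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
            off += 10
            rdata = decode_name(msg, off)[0] if rtype in (2, 5, 12) else msg[off:off + rdlen]
            off += rdlen
            sections[sec].append((owner, rtype, ttl, rdata))
    return {'id': txid, 'qr': bool(flags & 0x8000), 'aa': bool(flags & 0x0400),
            'rcode': flags & 0xF, 'qname': qname, **sections}

def glueless_ns_targets(parsed):
    """NS targets in authority with no A/AAAA glue in additional; the resolver has to chase each one."""
    glued = {owner for owner, rtype, _, _ in parsed['additional'] if rtype in (1, 28)}
    return [rd for _, rtype, _, rd in parsed['authority'] if rtype == 2 and rd not in glued]
```

Feed parse_response the UDP payload of a captured reply; a non-authoritative referral whose NS targets all come back from glueless_ns_targets is the shape this script produces.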
