mirror of
https://github.com/bettercap/bettercap
synced 2025-08-19 13:09:49 -07:00
Add blacklist and whitelist logic.
parent
27d245625c
commit
40f3906115
3 changed files with 61 additions and 39 deletions
|
@ -113,10 +113,10 @@ func NewDnsProxy(s *session.Session) *DnsProxy {
|
||||||
"Address to bind the DNS proxy to."))
|
"Address to bind the DNS proxy to."))
|
||||||
|
|
||||||
mod.AddParam(session.NewStringParameter("dns.proxy.blacklist", "", "",
|
mod.AddParam(session.NewStringParameter("dns.proxy.blacklist", "", "",
|
||||||
"Comma separated list of hostnames to skip while proxying (wildcard expressions can be used)."))
|
"Comma separated list of client IPs to skip while proxying."))
|
||||||
|
|
||||||
mod.AddParam(session.NewStringParameter("dns.proxy.whitelist", "", "",
|
mod.AddParam(session.NewStringParameter("dns.proxy.whitelist", "", "",
|
||||||
"Comma separated list of hostnames to proxy if the blacklist is used (wildcard expressions can be used)."))
|
"Comma separated list of client IPs to proxy if the blacklist is used."))
|
||||||
|
|
||||||
mod.AddParam(session.NewStringParameter("dns.proxy.nameserver",
|
mod.AddParam(session.NewStringParameter("dns.proxy.nameserver",
|
||||||
"1.1.1.1",
|
"1.1.1.1",
|
||||||
|
|
|
@ -41,6 +41,24 @@ type DNSProxy struct {
|
||||||
tag string
|
tag string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *DNSProxy) shouldProxy(clientIP string) bool {
|
||||||
|
// check if this client is in the whitelist
|
||||||
|
for _, ip := range p.Whitelist {
|
||||||
|
if clientIP == ip {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if this client is in the blacklist
|
||||||
|
for _, ip := range p.Blacklist {
|
||||||
|
if clientIP == ip {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
func (p *DNSProxy) Configure(address string, dnsPort int, doRedirect bool, nameserver string, netProtocol string, proxyPort int, scriptPath string, certFile string, keyFile string) error {
|
func (p *DNSProxy) Configure(address string, dnsPort int, doRedirect bool, nameserver string, netProtocol string, proxyPort int, scriptPath string, certFile string, keyFile string) error {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
|
|
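Review bot: `shouldProxy` compares `clientIP` to each list entry with `==`, so an entry that carries stray whitespace from the comma-separated parameter, or an IPv6 address written in a different textual form, never matches. The function then falls through to `return true`, which means a client that was meant to be excluded is proxied anyway. How the two lists are filled is not visible in this hunk, so trimming may already happen elsewhere; normalising inside the check, as sketched below, removes the dependency either way (the sketch assumes both lists are `[]string`). Because the blacklist is exact-match too, the whitelist loop only changes the result for an address present in both lists; a doc comment on the function stating "whitelist overrides blacklist, default is to proxy" would make that precedence explicit. The help strings in the NewDnsProxy hunk could also say that entries are exact IPs.

```go
func (p *DNSProxy) shouldProxy(clientIP string) bool {
	addr := net.ParseIP(clientIP)
	// matches reports whether clientIP equals any entry, textually or as a parsed IP.
	matches := func(list []string) bool {
		for _, entry := range list {
			entry = strings.TrimSpace(entry)
			if entry == clientIP {
				return true
			}
			if ip := net.ParseIP(entry); ip != nil && addr != nil && ip.Equal(addr) {
				return true
			}
		}
		return false
	}
	// an explicit whitelist entry overrides the blacklist
	if matches(p.Whitelist) {
		return true
	}
	return !matches(p.Blacklist)
}
```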
|
@ -59,53 +59,57 @@ func (p *DNSProxy) logResponseAction(m *dns.Msg, clientIP string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *DNSProxy) onRequestFilter(query *dns.Msg, clientIP string) (req, res *dns.Msg) {
|
func (p *DNSProxy) onRequestFilter(query *dns.Msg, clientIP string) (req, res *dns.Msg) {
|
||||||
p.Debug("< %s q[%s]",
|
if p.shouldProxy(clientIP) {
|
||||||
clientIP,
|
p.Debug("< %s q[%s]",
|
||||||
strings.Join(questionsToStrings(query.Question), ","))
|
clientIP,
|
||||||
|
strings.Join(questionsToStrings(query.Question), ","))
|
||||||
|
|
||||||
// do we have a proxy script?
|
// do we have a proxy script?
|
||||||
if p.Script == nil {
|
if p.Script == nil {
|
||||||
return query, nil
|
return query, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// run the module OnRequest callback if defined
|
// run the module OnRequest callback if defined
|
||||||
jsreq, jsres := p.Script.OnRequest(query, clientIP)
|
jsreq, jsres := p.Script.OnRequest(query, clientIP)
|
||||||
if jsreq != nil {
|
if jsreq != nil {
|
||||||
// the request has been changed by the script
|
// the request has been changed by the script
|
||||||
req := jsreq.ToQuery()
|
req := jsreq.ToQuery()
|
||||||
p.logRequestAction(req, clientIP)
|
p.logRequestAction(req, clientIP)
|
||||||
return req, nil
|
return req, nil
|
||||||
} else if jsres != nil {
|
} else if jsres != nil {
|
||||||
// a fake response has been returned by the script
|
// a fake response has been returned by the script
|
||||||
res := jsres.ToQuery()
|
res := jsres.ToQuery()
|
||||||
p.logResponseAction(res, clientIP)
|
p.logResponseAction(res, clientIP)
|
||||||
return query, res
|
return query, res
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return query, nil
|
return query, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *DNSProxy) onResponseFilter(req, res *dns.Msg, clientIP string) *dns.Msg {
|
func (p *DNSProxy) onResponseFilter(req, res *dns.Msg, clientIP string) *dns.Msg {
|
||||||
// sometimes it happens ¯\_(ツ)_/¯
|
if p.shouldProxy(clientIP) {
|
||||||
if res == nil {
|
// sometimes it happens ¯\_(ツ)_/¯
|
||||||
return nil
|
if res == nil {
|
||||||
}
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
p.Debug("> %s q[%s] a[%s] e[%s] n[%s]",
|
p.Debug("> %s q[%s] a[%s] e[%s] n[%s]",
|
||||||
clientIP,
|
clientIP,
|
||||||
strings.Join(questionsToStrings(res.Question), ","),
|
strings.Join(questionsToStrings(res.Question), ","),
|
||||||
strings.Join(recordsToStrings(res.Answer), ","),
|
strings.Join(recordsToStrings(res.Answer), ","),
|
||||||
strings.Join(recordsToStrings(res.Extra), ","),
|
strings.Join(recordsToStrings(res.Extra), ","),
|
||||||
strings.Join(recordsToStrings(res.Ns), ","))
|
strings.Join(recordsToStrings(res.Ns), ","))
|
||||||
|
|
||||||
// do we have a proxy script?
|
// do we have a proxy script?
|
||||||
if p.Script != nil {
|
if p.Script != nil {
|
||||||
_, jsres := p.Script.OnResponse(req, res, clientIP)
|
_, jsres := p.Script.OnResponse(req, res, clientIP)
|
||||||
if jsres != nil {
|
if jsres != nil {
|
||||||
// the response has been changed by the script
|
// the response has been changed by the script
|
||||||
res := jsres.ToQuery()
|
res := jsres.ToQuery()
|
||||||
p.logResponseAction(res, clientIP)
|
p.logResponseAction(res, clientIP)
|
||||||
return res
|
return res
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
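Review bot: Both filters now wrap their entire body in `if p.shouldProxy(clientIP) { … }`, which re-indents every line and buries the actual change; a guard clause at the top keeps the happy path left-aligned and the diff to a few lines, e.g. `if !p.shouldProxy(clientIP) { return query, nil }` in onRequestFilter and the matching early return of the untouched `res` in onResponseFilter. The end of onResponseFilter lies outside this hunk, so the assumption that it finishes with `return res` should be checked. Clients that are skipped also no longer reach either `p.Debug` call, so the log gives no sign that a query was deliberately left alone; a single debug line inside the guard would make the scope decision auditable.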