Crypt0s/FakeDns Crypt0s/FakeDns

  • Stars
    star
    547
  • Rank 80,716 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created over 11 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Crypt0s/FakeDns
github

Crypt0s

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A regular-expression based python MITM DNS server with support for DNS Rebinding attacks

FakeDns

Update 4/14/2020 - Python 2 support removed and code swapped to Python3

Now with round-robin & improved options!

Bugs: @crypt0s - Twitter

[email protected] - Email

A python regular-expression based DNS server!

USAGE:
./fakedns.py [-h] -c Config path [-i interface IP address] [--rebind]

The dns.conf should be set the following way:

[RECORD TYPE CODE] [python regular expression] [answer] [rebind answer]

The answer could be a ip address or string self, the self syntax sugar will be translated to your current machine's local ip address, such as 192.168.1.100.

If a match is not made, the DNS server will attempt to resolve the request using whatever you have your DNS server set to on your local machine and will proxy the request to that server on behalf of the requesting user.

Supported Request Types

- A
- TXT
- AAAA
- PTR
- SOA

In-Progress Request Types

- MX
- CNAME

Misc

- Supports DNS Rebinding
- Supports round-robin

Round-Robin

Round-robin rules are implemented. Every time a client requests a matching rule, FakeDNS will serve out the next IP in the list of IP's provided in the rule.
A list of IP's is comma-separated.

For example:

A robin.net 1.2.3.4,1.1.1.1,2.2.2.2

Is a round-robin rule for robin.net which will serve out responses pointing to 1.2.3.4, 1.1.1.1, and 2.2.2.2, iterating through that order every time a request is made by any client for the robin.net entry.

NOTE : These IP's aren't included as a list to the client in the response - they still only get just one IP in the response (could change that later)

DNS Rebinding

FakeDNS supports rebinding rules, which basically means that the server accepts a certain number of requests from a client for a domain until a threshold (default 1 request) and then it changes the IP address to a different one.

For example:

A rebind.net 1.1.1.1 10%4.5.6.7

Means that we have an A record for rebind.net which evaluates to 1.1.1.1 for the first 10 tries. On the 11th request from a client which has already made 10 requests, FakeDNS starts serving out the second ip, 4.5.6.7

You can use a list of addresses here and FakeDNS will round-robin them for you, just like in the "regular" rule.

Testing FakeDNS in Docker

(localhost only without extra steps)

I have had a lot of success testing/developing FakeDNS in Docker because it's easier than running it natively on modern Ubuntu installs which have their own DNS services running on port 53 already.

If you want to try it out, you can do so without much heavy lifting by following these steps:

Assuming you are inside the FakeDns directory: sudo docker run --interactive --tty --volume \pwd`:/opt/FakeDns -p 5353:53/udp python:3.8 /opt/FakeDns/fakedns.py -c /opt/FakeDns/dns.conf.example. And to test you can run nslookup -port=5353 testrule.test 127.0.0.1which should return1.1.1.1` on your first request

Or, if you'd like to use docker-compose, simply run docker-compose up and use the same test as above.

More Repositories

1

DelegationBOF

C++
135
star
2

Ekko_CFG_Bypass

A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
C
86
star
3

smb-scan

Python-based SMB Share scanner -- scans a bunch of computers, outputs the path and the file permissions for the account
Python
42
star
4

Ramen

Python-based network file scanner
Python
25
star
5

AirReader

A Python-Based script designed to output stable and screen-scrapable lists of wireless networks
Python
15
star
6

airview

A python web application compliment to py80211 which allows you to visualize the airwaves around you with your web browser.
Python
12
star
7

bingraph

Utility(ies?) for helping to manage the relationships between sets of binaries and their libraries
Python
7
star
8

PiWAT

PiWAT 2.0
JavaScript
7
star
9

QuickTestNet

Throw up a quick WiFi Access Point from your Linux OS to do further testing of a target device
Shell
3
star
10

The-Heap

The Inventory System For Hackerspaces
3
star
11

SimplePhish

Easy-to-modify Python webserver capable of being used for phishing campaigns
Python
3
star
12

MailStats

A collection of scripts that allow a user to download an IMAP folder and perform statistical analysis on the resulting set of emails.
Python
3
star
13

pySimpleBrute

Simple Python password brute forcer for use against web services
Python
2
star
14

zigbit900

Collection of important documents, files, documentation for Zigbit AT86RF212B sub-ghz Zigbee chip
2
star
15

signage

Display useful information on an LED Signboard
Python
2
star
16

fskjs

A javascript widget which turns ASCII into a image of its Frequency Shift Keying representation
CSS
2
star
17

Draconic

A toy attempt at parsing XML acting as markup for Dungeons and Dragons campaigns
1
star
18

PipeBender

Web Sockets Proxy tool written in node - allows you to see and inject content into websockets
JavaScript
1
star
19

Cachefiller

Fills the cache of a webbrowser. Could be useful in a number of ways, was an early attempt to knock out temp HSTS entries in browsers
HTML
1
star
20

Telekino

Deploys a Raspberry Pi CM4 image for use as a remote network access device in enterprise network security testing engagements
Shell
1
star