Oct 162015
 

Just a code snippet on how to spoof a DNS query using Python and Scapy. You can replace the source address with anything you want.

from scapy.all import *
import sys

if len(sys.argv)>1:
  print sys.argv[1]
  # a normal lookup
  #spoofed_pkt = (IP(src="173.194.112.88",dst="8.8.8.8")/UDP(dport=53)/DNS(qd=DNSQR(qname="torproject.org"))
  # a reverse lookup
  spoofed_pkt = (IP(src="173.194.112.88",dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname=sys.argv[1]+".in-addr.arpa", qtype='PTR')))
  send(spoofed_pkt)