Oct 162015
 

Just a code snippet on how to spoof a DNS query using Python and Scapy. You can replace the source address with anything you want.

from scapy.all import *
import sys

if len(sys.argv)>1:
  print sys.argv[1]
  # a normal lookup
  #spoofed_pkt = (IP(src="173.194.112.88",dst="8.8.8.8")/UDP(dport=53)/DNS(qd=DNSQR(qname="torproject.org"))
  # a reverse lookup
  spoofed_pkt = (IP(src="173.194.112.88",dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname=sys.argv[1]+".in-addr.arpa", qtype='PTR')))
  send(spoofed_pkt)

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)