Oct 162015

Just a code snippet on how to spoof a DNS query using Python and Scapy. You can replace the source address with anything you want.

from scapy.all import *
import sys

if len(sys.argv)>1:
  print sys.argv[1]
  # a normal lookup
  #spoofed_pkt = (IP(src="",dst="")/UDP(dport=53)/DNS(qd=DNSQR(qname="torproject.org"))
  # a reverse lookup
  spoofed_pkt = (IP(src="",dst="")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname=sys.argv[1]+".in-addr.arpa", qtype='PTR')))

  One Response to “Spoofing DNS requests with Python Scapy”

  1. […] for example when you want to spoof the source IP to hide your IP or set some other fancy flags (see scapy and DNS). DNS.rd sets (or unsets) the desired recursion. It is enabled by default. It can be disabled to […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>