Community

Python UDP DNS to TCP DNS converter

bl
blessenparker #1

I’m trying to use NFQUEUE and Scapy to convert any UDP DNS request to TCP DNS requests and then respond the UDP DNS request with a crafted UDP packet based on TCP DNS resonse. This is the script that I wrote so far:

#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
import os
import dns.resolver

myResolver = dns.resolver.Resolver()

def resolv_dns(payload):
udp_query_pkt = IP(payload.get_payload())
domain = udp_query_pkt[DNS].qd.qname
ip_addrs = myResolver.query(domain, “A”, tcp=True)

if not udp_query_pkt.haslayer(DNSQR):
    payload.set_verdict(nfqueue.NF_ACCEPT)
else:
    if domain in udp_query_pkt[DNS].qd.qname:
        print str(ip_addrs[0])
        udp_resp_pkt = IP(dst=udp_query_pkt[IP].src, src=udp_query_pkt[IP].dst)/\\
                      UDP(dport=udp_query_pkt[UDP].sport, sport=udp_query_pkt[UDP].dport)/\\
                      DNS(id=udp_query_pkt[DNS].id, qr=1, aa=1, qd=udp_query_pkt[DNS].qd,\\
                      an=DNSRR(rrname=udp_query_pkt[DNS].qd.qname, ttl=10, rdata=str(ip_addrs[0])))
        send(udp_resp_pkt)
        payload.drop()

nfqueue = NetfilterQueue()
nfqueue.bind(1, resolv_dns)

try:
os.system(“iptables -A OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1”)
print “[*] waiting for data”
nfqueue.run()
except KeyboardInterrupt:
os.system(“iptables -D OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1”)
pass
The problem with the script is that it doesn’t work!

Actually I can see the correponding DNS packets in the wireshark and they seems okay: enter image description here

But I can’t open any website! Actually the UDP DNS request timed out:

ebrahim@ebrahim:~$ dig www.xyw.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.xyw.com
;; global options: +cmd
;; connection timed out; no servers could be reached
What’s wrong?

bh
bhenmia0 #2

Damm even I am having a similar kind of issue, I have searched all over the internet and even have posted on number of threads on different forum, no solution seems to work. I am really frustrated, can anyone of you here help me resolve this issue, I am very much tired now.

Sign in to reply