vikasaldana #1

I’m trying to use NFQUEUE and Scapy to convert any UDP DNS request to a TCP DNS request and then respond to the UDP DNS request with a crafted UDP packet based on the TCP DNS response. This is the script that I wrote so far:

#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
import os
import dns.resolver
import dns.exception

myResolver = dns.resolver.Resolver()

def resolv_dns(payload):
    udp_query_pkt = IP(payload.get_payload())

    # Anything that is not a DNS query is passed through untouched
    # (python-netfilterqueue packets use accept()/drop(), not set_verdict())
    if not udp_query_pkt.haslayer(DNSQR):
        payload.accept()
        return

    domain = udp_query_pkt[DNS].qd.qname
    try:
        # Resolve the same name over TCP instead of letting the UDP query out
        ip_addrs = myResolver.query(domain, "A", tcp=True)
    except dns.exception.DNSException:
        # Every queued packet needs a verdict; drop the query if resolution failed
        payload.drop()
        return

    print str(ip_addrs[0])
    # Craft the UDP reply: swap addresses/ports, reuse the query's ID and question
    udp_resp_pkt = IP(dst=udp_query_pkt[IP].src, src=udp_query_pkt[IP].dst)/\
                   UDP(dport=udp_query_pkt[UDP].sport, sport=udp_query_pkt[UDP].dport)/\
                   DNS(id=udp_query_pkt[DNS].id, qr=1, aa=1, qd=udp_query_pkt[DNS].qd,
                       an=DNSRR(rrname=udp_query_pkt[DNS].qd.qname, ttl=10, rdata=str(ip_addrs[0])))
    send(udp_resp_pkt)
    payload.drop()

nfqueue = NetfilterQueue()
nfqueue.bind(1, resolv_dns)

try:
    os.system("iptables -A OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")
    print "[*] waiting for data"
    nfqueue.run()
except KeyboardInterrupt:
    os.system("iptables -D OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")

The problem with the script is that it doesn’t work!

Actually I can see the corresponding DNS packets in Wireshark and they seem okay.

But I can’t open any website! Actually the UDP DNS request timed out:

ebrahim@ebrahim:~$ dig www.xyw.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.xyw.com
;; global options: +cmd
;; connection timed out; no servers could be reached
What’s wrong?
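As an added illustration of the TCP-to-UDP step the question describes (this is not the poster's script), here is a Python 3, stdlib-only routine that takes the intercepted UDP query and the raw reply a resolver returned over TCP, strips the 2-byte TCP length prefix, and checks that the reply's transaction ID and question section match the query before reusing its bytes as the UDP reply; it also handles a reply too large for UDP by sending a truncated (TC=1) reply so the client retries over TCP itself. `build_query` and `sample_tcp_reply` are constructed sample inputs, not real traffic.

```python
import struct

def build_query(txid, name, qtype=1):
    """Constructed sample: minimal UDP DNS query wire bytes (header + one question)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(msg):
    """Offset just past the first question; assumes an uncompressed name, as in a query."""
    i = 12
    while msg[i] != 0:
        i += 1 + msg[i]
    return i + 1 + 4          # zero terminator + QTYPE + QCLASS

def sample_tcp_reply(udp_query, ipv4="192.0.2.1", n_answers=1):
    """Constructed sample of what a resolver returns over TCP for udp_query:
    a 2-byte length prefix, then a normal response carrying n_answers A records."""
    qend = question_end(udp_query)
    hdr = udp_query[:2] + struct.pack("!HHHHH", 0x8180, 1, n_answers, 0, 0)  # QR, RD, RA set
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 10, 4) + bytes(int(o) for o in ipv4.split("."))
    msg = hdr + udp_query[12:qend] + rr * n_answers
    return struct.pack("!H", len(msg)) + msg

def tcp_to_udp_reply(udp_query, tcp_reply, max_udp=512):
    """Strip the TCP length prefix and check the reply really answers udp_query
    before reusing its bytes as the UDP reply. Returns None on any mismatch."""
    if len(tcp_reply) < 2:
        return None
    (length,) = struct.unpack("!H", tcp_reply[:2])
    msg = tcp_reply[2:2 + length]
    if len(msg) != length or len(msg) < 12:
        return None
    qend = question_end(udp_query)
    # Transaction ID and question section must match the intercepted query byte for byte;
    # this is the same check a resolver client performs before accepting a reply
    if msg[:2] != udp_query[:2] or msg[12:qend] != udp_query[12:qend]:
        return None
    (flags,) = struct.unpack("!H", msg[2:4])
    if not flags & 0x8000:    # QR bit must be set on a response
        return None
    if len(msg) > max_udp:
        # Too large for plain UDP: return header + question with TC=1 and no records,
        # so the client re-sends the query over TCP on its own
        hdr = msg[:2] + struct.pack("!HHHHH", flags | 0x0200, 1, 0, 0, 0)
        return hdr + msg[12:qend]
    return msg
```

The returned bytes are what goes into the crafted UDP payload in the poster's setup; the unchanged transaction ID is exactly why the reply must be built from the original query.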