I'm trying to use NFQUEUE and Scapy to convert any UDP DNS request into a TCP DNS request and then respond to the UDP DNS request with a crafted UDP packet based on the TCP DNS response. This is the script that I wrote so far:
#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
import os
import dns.resolver

myResolver = dns.resolver.Resolver()

def resolv_dns(payload):
    # Rebuild the queued UDP packet from its raw bytes
    udp_query_pkt = IP(payload.get_payload())
    if not udp_query_pkt.haslayer(DNSQR):
        # Not a DNS query: let the kernel send it unchanged
        payload.accept()
        return
    domain = udp_query_pkt[DNS].qd.qname
    # Resolve the same name over TCP instead of UDP
    ip_addrs = myResolver.query(domain, "A", tcp=True)
    print str(ip_addrs[0])
    # Craft the UDP reply: swap addresses and ports, keep the transaction id and question
    udp_resp_pkt = IP(dst=udp_query_pkt[IP].src, src=udp_query_pkt[IP].dst)/\
        UDP(dport=udp_query_pkt[UDP].sport, sport=udp_query_pkt[UDP].dport)/\
        DNS(id=udp_query_pkt[DNS].id, qr=1, aa=1, qd=udp_query_pkt[DNS].qd,
            an=DNSRR(rrname=udp_query_pkt[DNS].qd.qname, ttl=10, rdata=str(ip_addrs[0])))
    send(udp_resp_pkt)
    # Drop the original UDP query so it never leaves the host
    payload.drop()

nfqueue = NetfilterQueue()
nfqueue.bind(1, resolv_dns)
try:
    os.system("iptables -A OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")
    print "[*] waiting for data"
    nfqueue.run()
except KeyboardInterrupt:
    os.system("iptables -D OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")
The problem with the script is that it doesn't work!
Actually I can see the corresponding DNS packets in Wireshark and they seem okay.
But I can't open any website! Actually the UDP DNS request timed out:
ebrahim@ebrahim:~$ dig www.xyw.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.xyw.com
;; global options: +cmd
;; connection timed out; no servers could be reached
What's wrong?
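The UDP-to-TCP conversion and the crafted reply in the question both come down to DNS wire-format handling: a TCP DNS message is the same bytes as the UDP message with a 2-byte length prefix (RFC 1035 section 4.2.2), and a stub resolver such as dig only accepts a reply whose transaction id and question section match what it sent. The following Python 3 code is an added example, not part of the question or of Scapy or dnspython; it builds a constructed sample query for www.xyw.com, shows the TCP framing both ways, crafts the UDP reply with the id and question copied from the query, and applies the same match check a resolver uses before trusting a reply. The names (build_query, udp_to_tcp, build_udp_response, response_matches_query) and the address 192.0.2.10 are assumptions of this example.

```python
import socket
import struct

# id, flags, qdcount, ancount, nscount, arcount
DNS_HEADER = struct.Struct("!HHHHHH")


def encode_name(name):
    """Encode a dotted name in DNS label wire format."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype=1, qclass=1):
    """Constructed sample input: a standard UDP DNS query with RD set."""
    header = DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def udp_to_tcp(msg):
    """A DNS message over TCP is the UDP message prefixed with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_to_udp(stream):
    """Strip the TCP length prefix; reject a stream shorter than it claims."""
    if len(stream) < 2:
        raise ValueError("no length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("truncated DNS message")
    return stream[2:2 + length]


def parse_question(msg):
    """Return (txid, flags, qname, qtype, qclass, offset just past the question)."""
    txid, flags, qdcount, _, _, _ = DNS_HEADER.unpack_from(msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off = DNS_HEADER.size
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in question name")
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    qtype, qclass = struct.unpack_from("!HH", msg, off)
    return txid, flags, ".".join(labels) + ".", qtype, qclass, off + 4


def build_udp_response(query, addr, ttl=10):
    """Craft the UDP reply: same id and question as the query plus one A record."""
    txid, qflags, _, qtype, qclass, qend = parse_question(query)
    if (qtype, qclass) != (1, 1):
        raise ValueError("only A/IN queries are handled here")
    flags = 0x8400 | (qflags & 0x0100)  # QR=1, AA=1, RD copied from the query
    header = DNS_HEADER.pack(txid, flags, 1, 1, 0, 0)
    question = query[DNS_HEADER.size:qend]
    # Answer RR: name is a pointer to offset 12 (the question's qname), type A, class IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(addr)
    return header + question + answer


def first_a_record(response):
    """Return (ttl, address) of the first answer RR written by build_udp_response."""
    off = parse_question(response)[5]
    if response[off] & 0xC0 != 0xC0:
        raise ValueError("expected a compression pointer as the answer name")
    off += 2
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", response, off)
    off += 10
    if (rtype, rclass, rdlen) != (1, 1, 4):
        raise ValueError("first answer is not an A record")
    return ttl, socket.inet_ntoa(response[off:off + 4])


def response_matches_query(query, response):
    """The check a stub resolver applies: same id, same question, QR bit set."""
    q = parse_question(query)
    r = parse_question(response)
    return q[0] == r[0] and q[2:5] == r[2:5] and bool(r[1] & 0x8000)


if __name__ == "__main__":
    query = build_query(0x1234, "www.xyw.com")
    reply = build_udp_response(tcp_to_udp(udp_to_tcp(query)), "192.0.2.10")
    print(response_matches_query(query, reply), first_a_record(reply))
```

Feeding a forged reply through response_matches_query with a different transaction id returns False, which is exactly the case in which dig keeps waiting and eventually reports that no servers could be reached.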