Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/syss-research/dns-mitm
A minimal DNS service that can provide spoofed replies
https://github.com/syss-research/dns-mitm
dns mitm security tools
Last synced: 3 months ago
JSON representation
A minimal DNS service that can provide spoofed replies
- Host: GitHub
- URL: https://github.com/syss-research/dns-mitm
- Owner: SySS-Research
- License: mit
- Created: 2017-03-10T07:44:31.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-04-24T06:54:13.000Z (over 1 year ago)
- Last Synced: 2024-04-24T13:41:47.242Z (7 months ago)
- Topics: dns, mitm, security, tools
- Language: Python
- Size: 9.77 KB
- Stars: 94
- Watchers: 7
- Forks: 37
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **33**星
README
dns-mitm.py
===========
This is a fake DNS server that answers requests for a domain's A record with
a custom IP address. It is intended to be used in an isolated network for
pentests. You could also use `dnsmasq` for that, but sometimes you just want
to use a small script.
If you want to put yourself in a MitM position of a given connection, you
would usually do so by modifying the network setup: either in software
(ARP-spoofing etc.) or in hardware (unplugging network cables). This script
is for situations in which you are unable or unwilling to change the network
setup but have control over the "victim" device.
Possible use cases could be:
* You want to analyze traffic of a mobile app you are testing, so you
change the DNS server on your mobile device
* You want to filter ads on your TV, so you set its DNS server to your
Raspberry Pi on the same network which is running this script
It makes sense to assign multiple IP addresses to your device, for example
with `ip address add 192.168.1.16/28 dev eth0`.
This way you can spoof multiple domains with an indiviual IP address each.
Otherwise, you won't know the original destination of the intercepted
traffic arriving at your machine without deep package inspection.
Usage
-----
You can specify IP addresses on the command line or in a separate hosts
file, e.g. to answer all requests to `.*.example.com` to `192.168.1.42`:
$ ./dns-mitm.py .*.example.com,192.168.1.42
or
$ ./dns-mitm.py -f hosts.dat
where `hosts.dat` uses the same syntax as `/etc/hosts`.
By default, the script tries to determine the DNS server that the system is
using. You may want to specify a different DNS server with the `-d` option.
For more information, type `./dns-mitm.py -h`.