dns2proxy – Offensive DNS server

By blogjoker On May 30, 2021

[ad_1]

dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim.

It’s very frequently used in combination with sslstrip.

Features

Traditional DNS Spoofing
Implements DNS Spoofing via Forwarding
Detects and corrects changes for sslstrip to work

Usage

Using the spoof.cfg config file with the format:

<br />root@kali:~/dns2proxy# echo “www.s21sec.com 1.1.1.1” > spoof.cfg</p>
<p>// launch in another terminal dns2proxy.py</p>
<p>root@kali:~/dns2proxy# nslookup <a href="http://www.s21sec.com" class="autohyperlink" data-wpel-link="external" target="_blank" rel="external noopener noreferrer">www.s21sec.com</a> 127.0.0.1<br />Server: 127.0.0.1<br />Address: 127.0.0.1#53</p>
<p>Name: <a href="http://www.s21sec.com" class="autohyperlink" data-wpel-link="external" target="_blank" rel="external noopener noreferrer">www.s21sec.com</a><br />Address: 1.1.1.1<br />Name: <a href="http://www.s21sec.com" class="autohyperlink" data-wpel-link="external" target="_blank" rel="external noopener noreferrer">www.s21sec.com</a><br />Address: 88.84.64.30</p>
<p>

root@kali:~/dns2proxy# echo “www.s21sec.com 1.1.1.1” > spoof.cfg

// launch in another terminal dns2proxy.py

Server: 127.0.0.1

Address: 127.0.0.1#53

Name: www.s21sec.com

Address: 1.1.1.1

Name: www.s21sec.com

Address: 88.84.64.30

Or you can use domains.cfg file to spoof all hosts of a domain (wildcard):

<br />root@kali:~/demoBH/dns2proxy# cat dominios.cfg<br />.domain.com 192.168.1.1</p>
<p>root@kali:~/demoBH/dns2proxy# nslookup <a href="http://aaaa.domain.com" class="autohyperlink" data-wpel-link="external" target="_blank" rel="external noopener noreferrer">aaaa.domain.com</a> 127.0.0.1<br />Server: 127.0.0.1<br />Address: 127.0.0.1#53</p>
<p>Name: <a href="http://aaaa.domain.com" class="autohyperlink" data-wpel-link="external" target="_blank" rel="external noopener noreferrer">aaaa.domain.com</a><br />Address: 192.168.1.1</p>
<p>

root@kali:~/demoBH/dns2proxy# cat dominios.cfg

.domain.com 192.168.1.1

Server: 127.0.0.1

Address: 127.0.0.1#53

Name: aaaa.domain.com

Address: 192.168.1.1

Hostnames at nospoof.cfg will not be spoofed.

Config Files

domains.cfg – resolve all hosts/subdomains for the listed domains with the given IP.

<br />.facebook.com 1.2.3.4 .fbi.gov 1.2.3.4

.facebook.com 1.2.3.4 .fbi.gov 1.2.3.4

spoof.cfg – Spoof a single host with a given IP.

nospoof.cfg – Send always a legit response when responding for these hosts.

nospoofto.cfg – Don’t send fake responses to the IPs listed there.

victims.cfg – If not empty, only send fake responses to these IP addresses.

<br />23.66.163.36 195.12.226.131

23.66.163.36 195.12.226.131

resolv.conf DNS server to forward legitimate queries to.

You can download dns2proxy here:

dns2proxy-master.zip

Or read more here.

[ad_2]

Source link