Fév 172019
 

In a previous article, we had built a transparent proxy for tcp (outbound) connections.

In short any tcp outbound connection on port_x would be redirected to ip:port_z.

Main usage was to implement a transparent proxy for http traffic (applications would « transparently » be redirected to a proxy accepting « intercepted » traffic).

This time, lets do the same for (outbound) UDP.

One possible scenario : intercept all outbound dns traffic and redirect to another dns server.

Syntax:

proxy-udp 1.0 by erwan2212@gmail.com
proxy-udp original_port new_port new_ip [local]
remember that if you divert to a local app, this local app could be diverted as well.

Example : proxy-udp 53 53 192.168.1.144 local
With a rogue dns server running locally (skip the ‘local’ if the rogue server is running on another host).

Note the warning about diverting to a local app.
For instance, you could be running your local rogue server locally but then since this rogue server will also perform dns queries, you would end up in catch 22 situation.
Possible workarounds :
-have your rogue server « escape » the filter and use a remote udp port different than the filtered one (i.e something different than 53) OR a different protocol (i.e something different than UDP)
-review the code and filter on the original dns server
-review the code and exclude the dns server used by the rogue server

Source code and binaries can be found on my github.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.