Still playing with Windivert (see original article here), this time we will intercept inbound dns traffic and will modify the IP address in DNS replies containing A records.
The program will dynamically look for hostname to ip couples in a config.ini file.
Say that you want labalec.fr to resolve to 192.168.1.144, then you would create the below ini file and launch intercept-dns 53.
[labalec.fr]
ip=192.168.1.144
Additionally, if you set a dos environement variable like set layer=forward, then you can also use this program in a man-in-the-middle attack (which could lead to another article) to divert forwarded traffic.
The source and binary is available on my github.
The code still has some limitations :
-non existing dns a records replies are not handled
-only replies with one answer are handled
[…] you can perform an attack with intercept-dns from a previous article (dont forget to do a set layer=forward on the command line then). Or simply […]
[…] you can perform an attack with intercept-dns from a previous article (dont forget to do a set layer=forward on the command line then).Or simply […]