Fév 222019
 

Still playing with Windivert (see original article here), this time we will intercept dns traffic and will modify the IP address in DNS replies containing A records.

The program will dynamically look for hostname to ip couples in a config.ini file.

Say that you want labalec.fr to resolve to 192.168.1.144, then you would create the below ini file and launch intercept-dns 53.


[labalec.fr]
ip=192.168.1.144

Additionally, if you set a dos environement variable like set layer=forward, then you can also use this program in a man-in-the-middle attack (which could lead to another article) to divert forwarded traffic.

The source and binary is available on my github.

The code still has some limitations :
-non existing dns a records replies are not handled
-only replies with one answer are handled

Poster un Commentaire

avatar

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

  S’abonner  
Notifier de