Still playing with WinDivert (see original article here), this time we will intercept inbound DNS traffic and modify the IP address in DNS replies containing A records.
The program dynamically looks up hostname-to-IP pairs in a config.ini file.
Say that you want labalec.fr to resolve to 192.168.1.144: you would then create the ini file below and launch intercept-dns 53.
Additionally, if you set a DOS environment variable such as set layer=forward, you can also use this program in a man-in-the-middle attack (which could lead to another article) to divert forwarded traffic.
The source and binary are available on my GitHub.
The code still has some limitations:
- replies for non-existent DNS A records are not handled
- only replies with one answer are handled
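
Seen from the receiving side, a rewritten reply is still a well-formed DNS message, so a check has to read the answers themselves. The following is an added example, not the author's code: a Python parser that walks every answer in a reply, including the multi-answer and NXDOMAIN cases listed above, and reports A records that differ from a pinned address. The pin table, the 203.0.113.10 address and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Hypothetical pin table (constructed): addresses we expect for names we monitor.
PINNED = {"labalec.fr": {"203.0.113.10"}}

def read_name(msg, off, hops=0):
    """Decode a possibly compressed DNS name; return (labels, offset after it)."""
    labels = []
    while msg[off]:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer
            if hops > 16:
                raise ValueError("compression loop")
            ptr = ((length & 0x3F) << 8) | msg[off + 1]
            return labels + read_name(msg, ptr, hops + 1)[0], off + 2
        labels.append(msg[off + 1:off + 1 + length].decode("ascii").lower())
        off += 1 + length
    return labels, off + 1

def a_records(msg):
    """Return (rcode, [(name, ip), ...]) covering every answer, not just the first."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):                          # skip the question section
        off = read_name(msg, off)[1] + 4         # name + QTYPE + QCLASS
    out = []
    for _ in range(an):
        labels, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            out.append((".".join(labels), str(ipaddress.IPv4Address(msg[off:off + 4]))))
        off += rdlen
    return flags & 0x000F, out                   # rcode 3 = NXDOMAIN, no answers

def unexpected(msg):
    """A records for pinned names whose address is not in the pin set."""
    return [(n, ip) for n, ip in a_records(msg)[1] if n in PINNED and ip not in PINNED[n]]

# Constructed sample replies for labalec.fr: two answers, and an NXDOMAIN.
QUESTION = b"\x07labalec\x02fr\x00\x00\x01\x00\x01"
def rr(ip):
    return b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04" + ipaddress.IPv4Address(ip).packed
TWO_ANSWERS = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + QUESTION + rr("203.0.113.10") + rr("192.168.1.144")
NXDOMAIN = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
```

Truncated or malformed messages raise an exception (IndexError, struct.error or ValueError) rather than returning a partial result, so a caller should treat any exception as a reply to drop or log.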