{"id":2082,"date":"2019-02-22T21:19:12","date_gmt":"2019-02-22T20:19:12","guid":{"rendered":"http:\/\/labalec.fr\/erwan\/?p=2082"},"modified":"2019-06-08T20:15:42","modified_gmt":"2019-06-08T18:15:42","slug":"intercept-dns","status":"publish","type":"post","link":"https:\/\/labalec.fr\/erwan\/?p=2082","title":{"rendered":"intercept-dns"},"content":{"rendered":"<p>Still playing with WinDivert (see the original article <a href=\"https:\/\/labalec.fr\/erwan\/?p=2013\" target=\"_blank\" rel=\"noopener\">here<\/a>), this time we will intercept inbound DNS traffic and modify the IP address in DNS replies containing A records.<\/p>\n<p>The program dynamically looks up hostname-to-IP pairs in a config.ini file.<\/p>\n<p>Say that you want labalec.fr to resolve to 192.168.1.144: you would create the ini file below and launch <strong>intercept-dns 53<\/strong>.<\/p>\n<p><code><br \/>\n[labalec.fr]<br \/>\nip=192.168.1.144<br \/>\n<\/code><\/p>\n<p>Additionally, if you set a DOS environment variable like <strong>set layer=forward<\/strong>, then you can also use this program in a man-in-the-middle attack (which could lead to another article) to divert forwarded traffic.<\/p>\n<p>The source and binary are available on my <a href=\"https:\/\/github.com\/erwan2212\/windivert-fpc\" target=\"_blank\" rel=\"noopener\">GitHub<\/a>.<\/p>\n<p>The code still has some limitations:<br \/>\n- replies for non-existent DNS A records are not handled<br \/>\n- only replies with a single answer are handled<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Still playing with WinDivert (see the original article here), this time we will intercept inbound DNS traffic and modify the IP address in DNS replies containing A records. The program dynamically looks up hostname-to-IP pairs in a config.ini file. 
Say that you want labalec.fr to resolve to 192.168.1.144, then you would create <a href='https:\/\/labalec.fr\/erwan\/?p=2082' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[105],"class_list":["post-2082","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-windivert","category-1-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2082"}],"version-history":[{"count":4,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2082\/revisions"}],"predecessor-version":[{"id":2146,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2082\/revisions\/2146"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}