Python scapy.all.DNSQR Examples
The following are 10
code examples of scapy.all.DNSQR().
Example #1
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_single_dns_resp_packet():
    """A single DNS frame carrying an answer must yield exactly one DNS event.

    The fixture is addressed to UDP port 53 yet already carries an answer
    record, so the assertions pin both the question fields and the
    ``qanswer`` field of the resulting event.
    """
    dns_layer = DNS(
        rd=1,
        qd=DNSQR(qtype="A", qname="google.com"),
        an=DNSRR(rdata="123.0.0.1"),
    )
    frame = (
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12")
        / IP(src="127.0.0.1", dst="192.168.1.1")
        / UDP(sport=80, dport=53)
        / dns_layer
    )

    events = list(packets_to_datasource_events([frame]).events())
    assert len(events) == 1

    event = events[0]
    # Link, network and transport fields are expected to be copied verbatim.
    assert event["src_mac"] == "ab:ab:ab:ab:ab:ab"
    assert event["dst_mac"] == "12:12:12:12:12:12"
    assert event["src_ip"] == "127.0.0.1"
    assert event["dst_ip"] == "192.168.1.1"
    assert event["sport"] == 80
    assert event["dport"] == 53
    # The queried name is expected back in fully-qualified form (trailing dot).
    assert event["qname"] == "google.com."
    assert event["qanswer"] == "123.0.0.1"
    assert event["qtype"] == "A"
    assert event["event_type"] == "DNS"
Example #2
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_multiple_packets():
    """Three frames of different protocols must produce three typed events, in order."""

    def link_and_ip():
        # A fresh Ether/IP pair per frame; all three frames share the addressing.
        return Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(
            src="127.0.0.1", dst="192.168.1.1"
        )

    # HTTP Packet
    http_frame = (
        link_and_ip()
        / TCP(sport=12345, dport=80)
        / HTTP()
        / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
    )
    # DNS Packet
    dns_frame = (
        link_and_ip()
        / UDP(sport=80, dport=53)
        / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1"))
    )
    # TCP Packet
    tcp_frame = link_and_ip() / TCP(sport=80, dport=5355)

    packets = [http_frame, dns_frame, tcp_frame]
    events = list(packets_to_datasource_events(packets).events())

    assert len(events) == 3
    # Classification must follow the input order of the frames.
    seen_types = [event["event_type"] for event in events]
    assert seen_types == ["HTTPRequest", "DNS", "TCP"]
Example #3
Source File: test_pcap.py From beagle with MIT License | 6 votes |
def test_single_dns_query_packet():
    """A DNS frame with a question and no answer must yield one DNS event."""
    question = DNSQR(qtype="A", qname="google.com")
    frame = (
        Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12")
        / IP(src="127.0.0.1", dst="192.168.1.1")
        / UDP(sport=80, dport=53)
        / DNS(rd=1, qd=question)
    )

    events = list(packets_to_datasource_events([frame]).events())
    assert len(events) == 1

    event = events[0]
    assert event["src_mac"] == "ab:ab:ab:ab:ab:ab"
    assert event["dst_mac"] == "12:12:12:12:12:12"
    assert event["src_ip"] == "127.0.0.1"
    assert event["dst_ip"] == "192.168.1.1"
    assert event["sport"] == 80
    assert event["dport"] == 53
    # The queried name is expected back in fully-qualified form (trailing dot).
    assert event["qname"] == "google.com."
    assert event["qtype"] == "A"
    assert event["event_type"] == "DNS"
Example #4
Source File: test_networkx.py From beagle with MIT License | 6 votes |
def test_from_datasources():
    """Building a NetworkX backend from two packet data sources must give a non-empty graph."""

    def link_and_ip():
        # A fresh Ether/IP pair per frame; every frame shares the addressing.
        return Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(
            src="127.0.0.1", dst="192.168.1.1"
        )

    def http_frame():
        return (
            link_and_ip()
            / TCP(sport=12345, dport=80)
            / HTTP()
            / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
        )

    # First source: a single HTTP request.
    packets_1 = [http_frame()]

    # Second source: the same HTTP request plus a DNS exchange and a bare TCP segment.
    packets_2 = [
        # HTTP Packet
        http_frame(),
        # DNS Packet
        link_and_ip()
        / UDP(sport=80, dport=53)
        / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")),
        # TCP Packet
        link_and_ip() / TCP(sport=80, dport=5355),
    ]

    datasources = []
    for packets in (packets_1, packets_2):
        datasources.append(packets_to_datasource_events(packets))
    nx = NetworkX.from_datasources(datasources)

    # Make the graph
    nx.graph()

    assert not nx.is_empty()
Example #5
Source File: dns_spoof.py From hacking_tools with MIT License | 6 votes |
def spoof_packet(packet):
    """Per-packet callback that rewrites the answer of matching DNS responses.

    ``packet`` exposes ``get_payload()``, ``set_payload()`` and ``accept()``;
    that looks like a netfilter-queue packet object -- TODO confirm against the
    code that registers this callback. The code therefore runs on a host that
    is already in the forwarding path of the traffic it modifies.

    What a defender can take from the visible logic:
      * only packets that already contain a DNS resource record are touched;
      * the answer section is replaced by a single record and ``ancount`` is
        forced to 1, whatever the genuine response contained;
      * nothing here can produce DNSSEC signatures, so a validating resolver,
        or a client using an authenticated channel to its resolver, is not
        affected by this kind of rewrite.
    """
    # Command-line options are re-read for every packet handled.
    options = get_arguments()
    # Re-parse the queued payload as an IP packet so the DNS layers can be inspected.
    dns_packet = scapy.IP(packet.get_payload())
    if dns_packet.haslayer(scapy.DNSRR):
        qname = dns_packet[scapy.DNSQR].qname
        # Substring match of the configured name against the queried name.
        if options.website in qname:
            dns_responce = scapy.DNSRR(rrname=qname, rdata=options.ip)
            dns_packet[scapy.DNS].an = dns_responce
            dns_packet[scapy.DNS].ancount = 1

            # Lengths and checksums are deleted so they are not carried over
            # stale from the original packet -- presumably scapy recomputes
            # them when the packet is serialised; confirm.
            del dns_packet[scapy.IP].len
            del dns_packet[scapy.IP].chksum
            del dns_packet[scapy.UDP].len
            del dns_packet[scapy.UDP].chksum

            packet.set_payload(str(dns_packet))

    # Every packet is handed back to the queue, modified or not.
    packet.accept()
Example #6
Source File: mdns_utils.py From cotopaxi with GNU General Public License v2.0 | 6 votes |
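def mdns_send_query(test_params, query, send_multicast=True):
    """Send mDNS query to normal and multicast address.

    A PTR query for ``query`` is first sent to the configured endpoint through
    ``udp_sr1`` and then, when ``send_multicast`` is true, once more to the
    DNS-SD multicast group matching ``test_params.ip_version``.

    Args:
        test_params: Test configuration; ``ip_version`` and
            ``dst_endpoint.port`` are read here.
        query: Name placed in the question section.
        send_multicast: Also send the query to the multicast address.

    Returns:
        None. Any reply is left to whatever listener the caller has set up.
    """
    dns_sd_query = str(DNS(rd=1, qd=DNSQR(qname=query, qtype="PTR")))
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    try:
        time.sleep(1)
        udp_sr1(test_params, dns_sd_query)

        if not send_multicast:
            return

        # Work on a copy so the caller's endpoint is not redirected to multicast.
        multicast_test_params = copy.deepcopy(test_params)
        # NOTE(review): the socket is always AF_INET, so the IPv6 branch hands
        # an IPv6 group address to an IPv4 socket -- confirm whether that
        # branch is exercised and whether it needs an AF_INET6 socket.
        # NOTE(review): str(packet) yields wire bytes only on Python 2; confirm
        # the interpreter this module targets before relying on the payload.
        if test_params.ip_version == 4:
            multicast_test_params.dst_endpoint.ip_addr = DNS_SD_MULTICAST_IPV4
            sock.sendto(
                str(dns_sd_query),
                (DNS_SD_MULTICAST_IPV4, multicast_test_params.dst_endpoint.port),
            )
        elif test_params.ip_version == 6:
            multicast_test_params.dst_endpoint.ip_addr = DNS_SD_MULTICAST_IPV6
            sock.sendto(
                str(dns_sd_query),
                (DNS_SD_MULTICAST_IPV6, multicast_test_params.dst_endpoint.port),
            )
        else:
            return
    finally:
        # The original never closed the datagram socket, leaking one file
        # descriptor per call; release it on every exit path.
        sock.close()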
Example #7
Source File: time_test.py From raw-packet with MIT License | 5 votes |
def scapy_send_dns_requests(number_of_packets):
    """Build and transmit ``number_of_packets`` DNS queries with scapy.

    Addresses come from the module-level ``ethernet_src``/``ethernet_dst`` and
    ``ip_src``/``ip_dst``. The UDP source port, the DNS transaction id and the
    numeric label of the queried name are drawn with ``randint`` per packet.
    """
    sent = 0
    while sent < number_of_packets:
        link_layer = Ether(src=ethernet_src, dst=ethernet_dst)
        ip_layer = IP(src=ip_src, dst=ip_dst)
        # Draw order is kept as sport, id, name so a seeded run stays identical.
        udp_layer = UDP(dport=53, sport=randint(1024, 65535))
        dns_layer = DNS(
            id=randint(1, 1000),
            rd=1,
            qd=DNSQR(qname="www." + str(randint(1, 1000)) + ".com"),
        )
        dns_request = link_layer / ip_layer / udp_layer / dns_layer
        sendp(dns_request, verbose=False)
        sent += 1
# endregion

# region Main function
Example #8
Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
def get_kube_dns_ip_mac(self):
    """Resolve the kube-dns pod's IP and MAC address.

    A DNS query is sent to the nameserver IP returned by
    ``extract_nameserver_ip``; the source MAC of the reply is then matched
    against the replies of an ARP sweep of the /24 around this host's address.

    Returns:
        ``(ip, mac)`` of the first ARP reply whose Ethernet source equals the
        MAC that answered the DNS query, or ``None`` when no reply matches.
    """
    config = get_config()
    kubedns_svc_ip = self.extract_nameserver_ip()

    # The service IP is virtual; the reply's source MAC identifies the pod
    # that actually answered.
    dns_probe = Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR())
    # NOTE(review): scapy's srp1 gives back None when nothing answers before
    # the timeout, in which case the attribute access below raises
    # AttributeError -- confirm how callers expect that case to surface.
    dns_info_res = srp1(dns_probe, verbose=0, timeout=config.network_timeout)
    kubedns_pod_mac = dns_info_res.src
    # The destination of the reply is this host's own address.
    self_ip = dns_info_res[IP].dst

    arp_sweep = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24")
    arp_responses, _unanswered = srp(
        arp_sweep,
        timeout=config.network_timeout,
        verbose=0,
    )
    for _sent, reply in arp_responses:
        if reply[Ether].src != kubedns_pod_mac:
            continue
        return reply[ARP].psrc, reply.src
Example #9
Source File: packet_processor.py From iot-inspector-client with MIT License | 4 votes |
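def _process_dns(self, pkt):
    """Record the domain and IPv4 answers carried by one DNS packet.

    Only traffic relayed through this host is considered: requests whose
    destination MAC is ``host_mac`` and responses whose source MAC is
    ``host_mac``. The result is merged into
    ``self._host_state.pending_dns_dict`` under the host-state lock.

    All packet fields are untrusted network input, so malformed values are
    tolerated instead of raising out of the packet handler.

    Args:
        pkt: A scapy packet that contains Ether, IP and DNS layers.
    """
    src_mac = pkt[sc.Ether].src
    dst_mac = pkt[sc.Ether].dst
    src_ip = pkt[sc.IP].src
    dst_ip = pkt[sc.IP].dst

    # Find device ID
    if pkt[sc.DNS].qr == 0:
        # DNS request
        if dst_mac == self._host_state.host_mac:
            device_mac = src_mac
            resolver_ip = dst_ip
        else:
            return
    else:
        # DNS response
        if src_mac == self._host_state.host_mac:
            device_mac = dst_mac
            resolver_ip = src_ip
        else:
            return

    device_id = utils.get_device_id(device_mac, self._host_state)

    # Parse domain; deliberately best-effort, an undecodable or missing
    # question just drops the packet.
    try:
        domain = pkt[sc.DNSQR].qname.decode('utf-8').lower()
    except Exception:
        return

    # Remove trailing dot from domain. endswith() is used because an empty
    # name made the original domain[-1] lookup raise IndexError.
    if domain.endswith('.'):
        domain = domain[0:-1]

    # Parse DNS response
    ip_set = set()
    if sc.DNSRR in pkt and pkt[sc.DNS].an:
        for ix in range(pkt[sc.DNS].ancount):
            try:
                record = pkt[sc.DNSRR][ix]
            except IndexError:
                # ancount is read from the wire and may claim more records
                # than the packet really holds; stop at the last real one.
                break
            # Extracts A-records
            if record.type == 1:
                # Extracts IPv4 addr in A-record
                ip = record.rdata
                if utils.is_ipv4_addr(ip):
                    ip_set.add(ip)

    with self._host_state.lock:
        # NOTE(review): the meaning of the trailing 0 in the key is not
        # visible in this function -- confirm against the consumer of
        # pending_dns_dict.
        dns_key = (device_id, domain, resolver_ip, 0)
        current_ip_set = self._host_state \
            .pending_dns_dict.setdefault(dns_key, set())
        ip_set = ip_set | current_ip_set
        self._host_state.pending_dns_dict[dns_key] = ip_set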
Example #10
Source File: dns_sniffer.py From DNS_sniffer with Creative Commons Zero v1.0 Universal | 4 votes |
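def process(pkt):
    """Count one sniffed DNS response and refresh the database and the display.

    A packet is handled only when it has a DNS question, an IP layer and a UDP
    source port of 53. The counter in ``queries_liste`` is keyed by
    requesting IP, then DNS server IP, then answered name ("?" when the
    response has no answer record).

    Args:
        pkt: A scapy packet handed over by the sniffer.
    """
    global quiet
    global databaseConn

    # "IP in pkt" is new: a DNS response without an IPv4 layer used to raise
    # on the pkt[IP] lookups below.
    if not (pkt.haslayer(DNSQR) and UDP in pkt and IP in pkt and pkt[UDP].sport == 53):
        return

    # pkt[IP].dst == IP source of the DNS request
    # pkt[IP].src == IP of the DNS server
    # pkt[DNS].an.rrname == DNS name
    client_ip = pkt[IP].dst
    server_ip = pkt[IP].src
    answer = pkt[DNS].an
    query = answer.rrname if answer is not None else "?"

    per_server = queries_liste.setdefault(client_ip, {}).setdefault(server_ip, {})
    per_server[query] = per_server.get(query, 0) + 1

    # The original tested `None != "?"`, which is always true, so the "?"
    # placeholder was stored as a domain; compare the query itself.
    if databaseConn and query is not None and query != "?":
        # All statements are parameterised; the sniffed name never becomes
        # part of the SQL text.
        databaseCursor.execute("INSERT OR IGNORE INTO domains (domain) VALUES (?);", (query,))
        databaseConn.commit()

        databaseCursor.execute("SELECT idDomain FROM domains WHERE domain=?;", (query,))
        domainId = databaseCursor.fetchone()[0]

        databaseCursor.execute("SELECT count, idWhoAsk FROM whoAsk WHERE ipFrom=? AND ipTo=? AND domainId=?;", (server_ip, client_ip, domainId))
        whoAsk = databaseCursor.fetchone()

        if whoAsk:
            databaseCursor.execute("UPDATE whoAsk SET count=? WHERE idWhoAsk=?", (whoAsk[0] + 1 if whoAsk[0] else 2, whoAsk[1]))
        else:
            databaseCursor.execute("INSERT INTO whoAsk (ipFrom, ipTo, domainId, count) VALUES (?,?,?,1);", (server_ip, client_ip, domainId))
        databaseConn.commit()

    if not quiet:
        system('clear')
        print("{:15s} | {:15s} | {:15s} | {}".format("IP source", "DNS server", "Count DNS request", "Query"))
        # NOTE(review): names are printed exactly as received from the
        # network; consider escaping non-printable bytes before display.
        for ip in queries_liste:
            print("{:15s}".format(ip))  # IP source
            for query_server in queries_liste[ip]:
                print(" "*18+"{:15s}".format(query_server))  # IP of DNS server
                for name in queries_liste[ip][query_server]:
                    print(" "*36+"{:19s} {}".format(str(queries_liste[ip][query_server][name]), name))  # Count DNS request | DNS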