CyberHosting

Python UDP DNS to TCP DNS converter

I'm trying to use NFQUEUE and Scapy to convert any UDP DNS request to TCP DNS requests and then respond to the UDP DNS request with a crafted UDP packet based on the TCP DNS response. This is the script that I wrote so far:

#! /usr/bin/env python2.7
from scapy.all import *
from netfilterqueue import NetfilterQueue
import os
import dns.resolver

myResolver = dns.resolver.Resolver()

def resolv_dns(payload):
    udp_query_pkt = IP(payload.get_payload())

    if not udp_query_pkt.haslayer(DNSQR):
        # No DNS question in this packet: pass it through untouched
        payload.accept()
    else:
        # Resolve the queried name over TCP
        domain = udp_query_pkt[DNS].qd.qname
        ip_addrs = myResolver.query(domain, "A", tcp=True)

        if domain in udp_query_pkt[DNS].qd.qname:
            print str(ip_addrs[0])
            # Craft a UDP response that mirrors the query's addresses, ports and DNS id
            udp_resp_pkt = IP(dst=udp_query_pkt[IP].src, src=udp_query_pkt[IP].dst)/\
                UDP(dport=udp_query_pkt[UDP].sport, sport=udp_query_pkt[UDP].dport)/\
                DNS(id=udp_query_pkt[DNS].id, qr=1, aa=1, qd=udp_query_pkt[DNS].qd,\
                    an=DNSRR(rrname=udp_query_pkt[DNS].qd.qname, ttl=10, rdata=str(ip_addrs[0])))
            send(udp_resp_pkt)
            # Drop the original UDP query
            payload.drop()

nfqueue = NetfilterQueue()
nfqueue.bind(1, resolv_dns)

try:
    # Send outgoing UDP DNS queries to queue 1
    os.system("iptables -A OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")
    print "[*] waiting for data"
    nfqueue.run()
except KeyboardInterrupt:
    # Remove the rule again on Ctrl-C
    os.system("iptables -D OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 1")
    pass

The problem with the script is that it doesn't work!

Actually I can see the corresponding DNS packets in Wireshark and they seem okay.

But I can't open any website! Actually the UDP DNS request timed out:

ebrahim@ebrahim:~$ dig www.xyw.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.xyw.com
;; global options: +cmd
;; connection timed out; no servers could be reached

What's wrong?

Update:

After @Pierre's answer, I changed the iptables rule to send the received UDP DNS responses to the NFQUEUE (instead of the sent DNS queries), and then I modified the resolv_dns function as below (to replace the IP address in the UDP DNS response with the new IP address that I received using the TCP DNS query):

def resolv_dns(packet):
    pkt = IP(packet.get_payload())
    domain = pkt[DNS].qd.qname
    ip_addrs = myResolver.query(domain, "A", tcp=True)
    pkt[DNS].an.rdata = str(ip_addrs[0])
    packet.set_payload(str(pkt))
    packet.accept()

But still it doesn't work!
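
The UDP-to-TCP conversion the question is after can also be done at the socket level, without NFQUEUE or packet crafting. The example below is added here and is not the poster's code (Python 3, standard library only): it relays each UDP query over TCP with the 2-byte length prefix DNS uses on TCP, checks the transaction ID, and answers over UDP. The listen and upstream addresses are placeholders, and the 512-byte UDP limit assumes the client does not use EDNS.

```python
import socket
import struct

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may split one DNS message across segments."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def exchange(sock, query):
    """Send query with the 2-byte length prefix DNS uses on TCP; return the reply."""
    sock.sendall(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    reply = recv_exact(sock, length)
    if length < 12 or reply[:2] != query[:2]:
        raise ValueError("short reply or transaction ID mismatch")
    return reply

def fit_for_udp(reply, limit=512):
    """Return reply unchanged if it fits; else header + question with TC set."""
    if len(reply) <= limit:
        return reply
    (qdcount,) = struct.unpack("!H", reply[4:6])
    pos = 12
    for _ in range(qdcount):
        while reply[pos] != 0:        # walk the uncompressed QNAME labels
            pos += 1 + reply[pos]
        pos += 5                      # root label + QTYPE + QCLASS
    (flags,) = struct.unpack("!H", reply[2:4])
    header = reply[:2] + struct.pack("!HHHHH", flags | 0x0200, qdcount, 0, 0, 0)
    return header + reply[12:pos]

def serve(listen, upstream):
    """Answer each UDP query on `listen` with the reply fetched over TCP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.bind(listen)
        while True:
            query, client = udp.recvfrom(4096)
            try:
                with socket.create_connection(upstream, timeout=3) as tcp:
                    udp.sendto(fit_for_udp(exchange(tcp, query)), client)
            except (OSError, ValueError, IndexError):
                pass                  # drop it; the client retries or times out

if __name__ == "__main__":
    serve(("127.0.0.1", 5353), ("192.0.2.53", 53))  # placeholder addresses (assumed)
```

A truncated reply (TC set) tells the client to retry over TCP itself, which is how oversized answers are normally handled on UDP.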