/* include send_dns_query_libnet */ void send_dns_query(void) { char qbuf[24], *ptr; u_int16_t one; int packet_size = LIBNET_UDP_H + LIBNET_DNSV4_H + 24; static libnet_ptag_t ip_tag, udp_tag, dns_tag; /* build query portion of DNS packet */ ptr = qbuf; memcpy(ptr, "\001a\014root-servers\003net\000", 20); ptr += 20; one = htons(1); memcpy(ptr, &one, 2); /* query type = A */ ptr += 2; memcpy(ptr, &one, 2); /* query class = 1 (IP addr) */ /* build DNS packet */ dns_tag = libnet_build_dnsv4( 1234 /* identification */, 0x0100 /* flags: recursion desired */, 1 /* # questions */, 0 /* # answer RRs */, 0 /* # authority RRs */, 0 /* # additional RRs */, qbuf /* query */, 24 /* length of query */, l, dns_tag); /* build UDP header */ udp_tag = libnet_build_udp( ((struct sockaddr_in *) local)->sin_port /* source port */, ((struct sockaddr_in *) dest)->sin_port /* dest port */, packet_size /* length */, 0 /* checksum */, NULL /* payload */, 0 /* payload length */, l, udp_tag); /* Since we specified the checksum as 0, libnet will automatically */ /* calculate the UDP checksum. Turn it off if the user doesn't want it. */ if (zerosum) if (libnet_toggle_checksum(l, udp_tag, LIBNET_OFF) < 0) err_quit("turning off checksums: %s\n", libnet_geterror(l)); /* build IP header */ /* *INDENT-OFF* */ ip_tag = libnet_build_ipv4(packet_size + LIBNET_IPV4_H /* len */, 0 /* tos */, 0 /* IP ID */, 0 /* fragment */, TTL_OUT /* ttl */, IPPROTO_UDP /* protocol */, 0 /* checksum */, ((struct sockaddr_in *) local)->sin_addr.s_addr /* source */, ((struct sockaddr_in *) dest)->sin_addr.s_addr /* dest */, NULL /* payload */, 0 /* payload length */, l, ip_tag); /* *INDENT-ON* */ if (libnet_write(l) < 0) { err_quit("libnet_write: %s\n", libnet_geterror(l)); } if (verbose) printf("sent: %d bytes of data\n", packet_size); }
/* Build the new packet and inject it */ void spoof_dns(char *device) { // printf("Common Dude!"); struct in_addr src, dst, spoof; /* For printing addresses */ int inject_size; /* Number of bytes of injected packet */ int packet_size; /* Size of the packet */ int i; /* misc */ u_char *packet; /* Packet to be built */ libnet_t *handler; /* Libnet handler */ libnet_ptag_t dns, tcp, udp, ip; /* Libnet ptags */ char errbuf[LIBNET_ERRBUF_SIZE]; /* Error buffer */ packet_size = spoofpacket.payload_size + LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DNS_H; /* Open a raw socket */ handler = libnet_init(LIBNET_RAW4, device, errbuf); if (handler == NULL) { printf("Error opening a socket: %s\n", errbuf); exit(1); } /* DNS header construction */ dns = 0; udp = 0; tcp = 0; ip = 0; /*****************************************************/ /******* USE: libnet to construct DNS header here ****/ /*****************************************************/ libnet_build_dnsv4 ( LIBNET_UDP_DNSV4_H, spoofpacket.dns_id, 0x8180, 1, 1, 0, 0, spoofpacket.payload, //insert payload spoofpacket.payload_size, //36 //insert length handler, dns ); if (dns == -1) { printf("Building DNS header failed: %s\n", libnet_geterror(handler)); exit(1); } // printf("DST PORT: %d\n", spoofpacket.dst_port); // printf("SRC PORT: %d\n", spoofpacket.src_port); //printf("UDP Data: %d\n", spoofpacket.payload_size); /* UDP header construction */ /*** Use libnet to construct UDP header here **/ libnet_build_udp ( spoofpacket.dst_port, spoofpacket.src_port, spoofpacket.payload_size + LIBNET_DNS_H + LIBNET_UDP_H, // 36 + 12 + 8 0, //insert UDP checksum. have to check later NULL, //insert payload 0, //insert lenghth handler, udp ); if (udp ==-1) { printf("Building UDP header failed: %s\n", libnet_geterror(handler)); exit(1); } /* IP header construction */ /*****************************************************/ /******* USE: libnet to construct IP header here ****/ /*****************************************************/ libnet_build_ipv4 ( packet_size, //56 + 20 0, 6888, //libnet_get_prand (LIBNET_PRu16) 0, 127, IPPROTO_UDP, 0, ////insert IP checksum value. have to check later spoofpacket.dst_address, spoofpacket.src_address, NULL, //insert payload 0, //insert length handler, ip ); //Remember, all length can be debatable if (ip == -1) { printf("Building IP header failed: %s\n", libnet_geterror(handler)); exit(1); } /* Calculate checksum */ /****** USE: libnet function to generate checksum*******/ /*******************************************************/ /* Inject the packet */ /*******************************************************/ inject_size = libnet_write(handler); //printf("Inject: %d\n", inject_size); if (inject_size == -1) { printf("Write failed: %s\n", libnet_geterror(handler)); } printf("--- Spoofed DNS Response injected ---\n\n"); /* Destroy the packet */ /*******************************************************/ /**************** USE: libnet_destroy() ****************/ /*******************************************************/ libnet_destroy(handler); }
int main(int argc, char *argv[]) { char c; u_long src_ip = 0, dst_ip = 0; u_short type = LIBNET_UDP_DNSV4_H; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t ptag4; /* TCP or UDP ptag */ libnet_ptag_t dns; char errbuf[LIBNET_ERRBUF_SIZE]; char *query = NULL; char payload[1024]; u_short payload_s; printf("libnet 1.1 packet shaping: DNSv4[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (!l) { fprintf(stderr, "libnet_init: %s", errbuf); exit(EXIT_FAILURE); } /* * parse options */ while ((c = getopt(argc, argv, "d:s:q:t")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'q': query = optarg; break; case 't': type = LIBNET_TCP_DNSV4_H; break; default: exit(EXIT_FAILURE); } } if (!src_ip) { src_ip = libnet_get_ipaddr4(l); } if (!dst_ip || !query) { usage(argv[0]); exit(EXIT_FAILURE); } /* * build dns payload */ payload_s = snprintf(payload, sizeof payload, "%c%s%c%c%c%c%c", (char)(strlen(query)&0xff), query, 0x00, 0x00, 0x01, 0x00, 0x01); /* * build packet */ dns = libnet_build_dnsv4( type, /* TCP or UDP */ 0x7777, /* id */ 0x0100, /* request */ 1, /* num_q */ 0, /* num_anws_rr */ 0, /* num_auth_rr */ 0, /* num_addi_rr */ payload, payload_s, l, 0 ); if (dns == -1) { fprintf(stderr, "Can't build DNS packet: %s\n", libnet_geterror(l)); goto bad; } if (type == LIBNET_TCP_DNSV4_H) /* TCP DNS */ { ptag4 = libnet_build_tcp( 0x6666, /* source port */ 53, /* destination port */ 0x01010101, /* sequence number */ 0x02020202, /* acknowledgement num */ TH_PUSH|TH_ACK, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + LIBNET_TCP_DNSV4_H + payload_s, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ptag4 == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + type + payload_s,/* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } } else /* UDP DNS */ { ptag4 = libnet_build_udp( 0x6666, /* source port */ 53, /* destination port */ LIBNET_UDP_H + LIBNET_UDP_DNSV4_H + payload_s, /* packet length */ 0, /* checksum */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ptag4 == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + type + payload_s,/* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_UDP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } } /* * write to the wire */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte DNS packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }