May 15, 2015

Messing With DNS Using NFQUEUE and Scapy

Some days ago I taught myself a little about NFQUEUE and Python. Meanwhile I dug a little more into the matter and looked into building new network packets. In this special case I wanted to create DNS packets. The idea was to intercept DNS requests with Netfilter and return a fake IP address in a faked DNS response.

Messing with packets in Python is quite easy to do when you use the Python bindings for Scapy, a quite powerful packet manipulation tool. A quite good and quick introduction to this tool is given by thePacketGeek. One important thing I had to learn: Scapy is interactive. In the interactive mode you can, for instance, capture and display packets. The coolest thing about this is that once you have a packet captured from your machine you can tell Scapy to print Python code that assembles this packet. So, the interactive mode of Scapy helps you create code. Neat.

My Python script can be found on GitHub.

