DNS Hijack
Mobile malware is growing fast on today's networks. With the following example we can check whether DNS hijacking is happening for certain domains on our network and detect it. Let's see how it works by using the functionality of the DNSDomain class:
```python
import pyaiengine

def verifyIPAddress(ip):
    # Code the logic to verify whether an IP address is correct for the given domain
    return False

def dns_hijack_callback(flow):
    d = flow.dns_info
    if d:
        # Iterate over the IP addresses returned in the DNS answer
        for dnsip in d:
            # An answer that fails verification is reported as a possible hijack
            if not verifyIPAddress(dnsip):
                print("DNS Hijack on ip %s domain %s" % (flow.src_ip, d.domain_name))

if __name__ == '__main__':
    st = pyaiengine.StackVirtual()

    st.udp_flows = 1638400

    # Track every name under .mydomain.com and call back on each match
    dm = pyaiengine.DomainNameManager()
    dom = pyaiengine.DomainName("Domain to track", ".mydomain.com")
    dom.callback = dns_hijack_callback
    dm.add_domain_name(dom)
    st.set_domain_name_manager(dm, "DNSProtocol")

    with pyaiengine.PacketDispatcher("eth0") as pd:
        pd.stack = st
        pd.run()
```
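One way to fill in the `verifyIPAddress` stub, as an added example that is not part of the AIEngine wiki or project code: it checks each answer against an allowlist of networks where the tracked domain is expected to resolve. The allowlist contents (documentation address ranges), the optional `domain` parameter and the helper names `expected_networks_for` and `unexpected_answers` are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist: networks where each tracked domain suffix is expected
# to resolve (documentation ranges; replace with your own address space).
EXPECTED_NETWORKS = {
    ".mydomain.com": ["192.0.2.0/24", "2001:db8:10::/48"],
    ".cdn.mydomain.com": ["198.51.100.0/24"],
}

_PARSED = {
    suffix: [ipaddress.ip_network(n) for n in nets]
    for suffix, nets in EXPECTED_NETWORKS.items()
}


def expected_networks_for(domain):
    """Return the networks of the longest matching suffix, or None."""
    # Normalise case and dots so "WWW.MyDomain.com." matches ".mydomain.com"
    name = "." + domain.lower().strip(".")
    matches = [s for s in _PARSED if name.endswith(s)]
    if not matches:
        return None
    return _PARSED[max(matches, key=len)]


def verifyIPAddress(ip, domain=".mydomain.com"):
    """True when ip is an expected answer for domain.

    Unparseable answers and untracked domains are treated as not verified,
    so the caller reports them instead of silently accepting them.
    """
    networks = expected_networks_for(domain)
    if networks is None:
        return False
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    # Membership is False when address and network IP versions differ
    return any(addr in net for net in networks)


def unexpected_answers(domain, answers):
    """Return the answers that fall outside the allowlist for domain."""
    return [ip for ip in answers if not verifyIPAddress(ip, domain)]
```

Inside `dns_hijack_callback`, the call would become `verifyIPAddress(dnsip, d.domain_name)` so that the more specific suffix entry is applied.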