lanturtle-modules/modules/dnsmasq-spoof

88 lines
3.1 KiB
Plaintext
Raw Permalink Normal View History

#!/bin/bash /usr/lib/turtle/turtle_module
VERSION="1.1"
DESCRIPTION="DNSSpoof using DNSMasq instead of Dsniff tools"
CONF=/tmp/dnsmasq.form
: ${DIALOG_OK=0}
: ${DIALOG_CANCEL=1}
: ${DIALOG_HELP=2}
: ${DIALOG_EXTRA=3}
: ${DIALOG_ITEM_HELP=4}
: ${DIALOG_ESC=255}
function configure {
# Add dnsmasq configuration if not already in conf file
if ! grep -q addn-hosts=/etc/dnsmasq.hosts /etc/dnsmasq.conf; then
echo -e "no-dhcp-interface=
server=8.8.8.8
no-hosts
addn-hosts=/etc/dnsmasq.hosts" >> /etc/dnsmasq.conf
fi
# Add example dnsmasq hosts if it doesn't already exist
if [ ! -e /etc/dnsmasq.hosts ]; then
touch /etc/dnsmasq.hosts
echo -e "172.16.84.1 example.com www.example.com" > /etc/dnsmasq.hosts
fi
dialog \
--help-button \
--title "DNSMasq Hosts Configuration (/etc/dnsmasq.hosts)" \
--editbox /etc/dnsmasq.hosts 18 72\
2>$CONF
return=$?
case $return in
$DIALOG_OK)
cat $CONF | {
cat $CONF > /etc/dnsmasq.hosts
rm $CONF
};;
$DIALOG_HELP)
dialog --title "Help" \
--msgbox "\
As an alternative to DNSSpoof, DNSMasq can be used to forge replies to arbitrary DNS addresses / pointer queries on the LAN. \
This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks.\n\n\
In some circumstances DNSMasq may perform better than DNSSpoof. The only configuration difference is the syntax of the hosts file.\n\n\
For example, the IP address returned for a client lookup of the domain \"example.com\" can be replaced with that of the LAN Turtle itself, or a 3rd party server. \
The dnsmasq.hosts editor lists the IP address and Domain names to spoof. The default example replaces example.com with the IP address 172.16.84.1 - the LAN Turtle default address.\n\n\
Each line contains the IP address and one or more domains separated by spaces or tabs. For example:\n\n\
172.16.84.1 example.com www.example.com mail.example.com\n\n
In this scenario, the computer connected to the Internet through the LAN Turtle attempting to browse to this domain may be redirected to the spoofed IP.\n\n\
" 20 72
configure
;;
$DIALOG_CANCEL)
rm $CONF;;
$DIALOG_ESC)
rm $CONF;;
esac
}
function start {
if grep addn-hosts /etc/dnsmasq.conf &> /dev/null; then
echo "DNSMasq already running with spoofhost. Restarting."
/etc/init.d/dnsmasq stop && /etc/init.d/dnsmasq start
else
echo "Starting DNSMasq with spoofhost"
echo "addn-hosts=/etc/dnsmasq.hosts" >> /etc/dnsmasq.conf
/etc/init.d/dnsmasq stop && /etc/init.d/dnsmasq start
echo "DNSMasq Started with spoofhost"
fi
}
function stop {
if grep addn-hosts /etc/dnsmasq.conf &> /dev/null; then
echo "Restarting DNSMasq without spoofhost"
sed -i '/addn-hosts=\/etc\/dnsmasq.hosts/d' /etc/dnsmasq.conf
/etc/init.d/dnsmasq stop && /etc/init.d/dnsmasq start
echo "DNSMasq restarted without spoofhost"
else
echo "DNSMasq isn't running with spoofhost"
fi
}
function status {
if grep addn-hosts /etc/dnsmasq.conf &> /dev/null; then echo "1"; else echo "0"; fi
}