DNSchef

Description

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses.

Usage

Syntax

dnschef [options]

Options

  --fakeip=192.168.1.100
                        IP address to use for matching DNS queries. If you use
                        this parameter without specifying domain names, then
                        all queries will be spoofed. Consider using --file
                        argument if you need to define more than one IP
                        address.
  --fakedomains=thesprawl.org,google.com
                        A comma separated list of domain names which will be
                        resolved to a FAKE value specified in the --ip
                        parameter. All other domain names will be resolved to
                        their true values.
  --truedomains=thesprawl.org,google.com
                        A comma separated list of domain names which will be
                        resolved to their TRUE values. All other domain names
                        will be resolved to a fake value specified in the --ip
                        parameter.
  --nameservers=4.2.2.1,4.2.2.2
                        A comma separated list of alternative DNS servers to
                        use with proxied requests. A randomly selected server
                        from the list will be used for proxy requests. By
                        default, the tool uses Google's public DNS server
                        8.8.8.8.
  --file=FILE           Specify a file containing a list of DOMAIN=IP pairs
                        (one pair per line) used for DNS responses. For
                        example: google.com=1.1.1.1 will force all queries to
                        'google.com' to be resolved to '1.1.1.1'. You can be
                        even more specific by combining --file with other
                        arguments. However, data obtained from the file will
                        take precedence over others.
  --interface=0.0.0.0   Define an interface to use for the DNS listener. For
                        example, use 127.0.0.1 to listen for only requests
                        coming from a loopback device.
  --tcp                 Use TCP DNS proxy instead of the default UDP.
  -q, --quiet           Don't show headers.

Example

cyborg@cyborg:~$ dnschef --fakeip 127.0.0.1 -q
[*] DNS Chef started on interface: 127.0.0.1 
[*] Using the following nameservers: 8.8.8.8
[*] Cooking all replies to point to 127.0.0.1
[12:31:23] 127.0.0.1: cooking the response of type 'A' for google.com to 127.0.0.1
[12:31:23] 127.0.0.1: proxying the response of type 'AAAA' for google.com
[12:31:28] 127.0.0.1: proxying the response of type 'AAAA' for google.com
[12:31:29] 127.0.0.1: proxying the response of type 'MX' for google.com
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?