On Sat, Nov 12, 2022 at 04:15:38PM +0800, Geert Stappers via Dnsmasq-discuss wrote:
> On Sat, Nov 12, 2022 at 10:30:09AM +0800, ZhangJiangyu 张江瑜 via
> Dnsmasq-discuss wrote:
> > Hi,
> >
> > Description
> >
> > When the DNS forwarder iteratively queries the malicious domain name
> > server, it returns some malformed DNS packets, and dnsmasq returns the
> > packet to the client without proper verification, which will give the
> > user a distrust or malicious data. Other authoritative DNS servers
> > have done correct verification. There are three bugs below, you can
> > start a fake domain name server locally and return specific data.
> >
> > Steps to reproduce
> >
> > 1. Turn on a fake name server and return a specific payload.
> How?

Hi,

Thanks to Geert Stappers for the advice on replying to the mailing list.

You need a few steps to reproduce:

* Run the command (sudo python3 dns_server.py "response filename path") to listen on port 53. This will start a fake DNS server, receive the request, and return the result.
* Start the dnsmasq software to listen on port 5353.
* The configuration file is as follows:

    port=5353
    no-daemon
    no-resolv
    server = 127.0.0.1
    bind-interfaces
    no-hosts

* Run the command (./dnsmasq -C ./dnsmasq.conf) to start dnsmasq.
* Run the command (python3 dns_request.py "request filename path" 5353) to send the request. dnsmasq will forward the request to our fake DNS server, receive the message, and then return it to the client.
* Analyze the message returned to the client; you will find that there is a problem with the message, and the correct verification is not done.

Next, I will give the download links for the corresponding Python scripts, request files and response files, which can be used to reproduce after downloading.

* dns_request.py
  * https://643684107.oss-cn-beijing.aliyuncs.com/dns/dns_request.py
* dns_server.py
  * https://643684107.oss-cn-beijing.aliyuncs.com/dns/dns_server.py
* first bug:
  * request file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/request1
  * response file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/response1
* second bug:
  * request file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/request2
  * response file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/response2
* third bug:
  * request file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/request3
  * response file: https://qu-hexo-static.oss-cn-hangzhou.aliyuncs.com/ping/response3

Thanks,
P1n9
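
For the "analyze the message returned to the client" step above, an added example (not part of the original post or its linked scripts) that runs generic RFC 1035 structural checks on a reply against the query that produced it. The message does not say what is malformed in each response file, so the checks, the names `read_name` and `check_response`, and the sample bytes are all assumptions made for illustration.

```python
import struct

def read_name(msg, off):  # returns (lowercased name, offset just past it)
    labels, end, hops = [], None, 0
    while off < len(msg):
        n = msg[off]
        if n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        if n & 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            if n & 0xC0 != 0xC0 or off + 1 >= len(msg):
                raise ValueError("bad label type or truncated pointer")
            ptr, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            end = off + 2 if end is None else end
            if ptr >= off or hops > 64:
                raise ValueError("compression pointer loop or forward pointer")
            off = ptr
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("latin-1"))
            off += 1 + n
    raise ValueError("name runs past end of message")

def check_response(query, resp):  # returns a list of structural problems
    if len(query) < 12 or len(resp) < 12:
        return ["message shorter than the 12-byte header"]
    bad_hdr = resp[:2] != query[:2] or not resp[2] & 0x80
    problems = ["ID mismatch or QR bit not set"] if bad_hdr else []
    qd, an, ns, ar = struct.unpack("!4H", resp[4:12])
    try:
        off, questions = 12, []
        for _ in range(qd):
            name, off = read_name(resp, off)
            questions.append((name, resp[off:off + 4]))  # name, QTYPE + QCLASS
            off += 4
        qname, qoff = read_name(query, 12)
        if questions != [(qname, query[qoff:qoff + 4])]:
            problems.append("question section does not echo the query")
        for _ in range(an + ns + ar):
            _, off = read_name(resp, off)
            off += 10 + int.from_bytes(resp[off + 8:off + 10], "big")  # RDLENGTH
        if off != len(resp):
            problems.append("records do not end exactly at end of message")
    except ValueError as e:
        problems.append(str(e))
    return problems

# Constructed samples: query for example.test A/IN, a clean reply, a bad RDLENGTH.
QUERY = bytes.fromhex("123401000001000000000000") + b"\x07example\x04test\x00\x00\x01\x00\x01"
GOOD = (bytes.fromhex("123481800001000100000000") + QUERY[12:]
        + bytes.fromhex("c00c000100010000003c0004c0000201"))
BAD = GOOD[:-6] + b"\x01\x90" + GOOD[-4:]
```

Passing the request bytes that were sent and the reply bytes captured from dnsmasq on port 5353 to `check_response` returns an empty list for a structurally sound reply and one string per problem otherwise.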