4/14/2019 - 10:38 AM

Faking DNS from userland.md

Rendered
Source

Faking DNS from userland

To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc. To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.

Installation

Install resolv_wrapper and nss_wrapper, either from sources or from your favorite Linux distribution.

Configuration

Add the following content to your .bashrc (or .profile)

export LD_PRELOAD
export NSS_WRAPPER_HOSTS="$HOME/.fakehosts"
export RESOLV_WRAPPER_HOSTS="$HOME/.fakedns"

if [ -f "/usr/local/lib/libresolv_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libresolv_wrapper.so $LD_PRELOAD"
fi

if [ -f "/usr/local/lib/libnss_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libnss_wrapper.so $LD_PRELOAD"
fi

Usage

Adding a fake DNS

In your ~/.fakehosts :

127.0.0.10      my-super-site.example.com www.my-super-site.example.com
192.168.33.100   fake-dns-for-real-site.com   www.fake-dns-for-real-site.com

and in file ~/.fakedns :

A   my-super-site.example.com 127.0.0.10
A   www.my-super-site.example.com 127.0.0.10
A   fake-dns-for-real-site.com 192.168.33.100
A   www.fake-dns-for-real-site.com        192.168.33.100

Using the fake DNS resolver

First, make sure the environment variable LD_PRELOAD includes both libraries
then run the program (ex: firefox, chrome) that should access to the fake DNS .

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster