March 26, 2018
0

FakeDns: Python MITM DNS server with support for DNS Rebinding attacks

Category : Blog

FakeDns

FakeDns is A regular-expression based python MITM DNS server with correct DNS request passthrough and “Not Found” responses.

Now with round-robin & improved options. A python regular-expression based DNS server.

How to use the hosts file to fake DNS:

The hosts file is stored on a computer or device to provide local entries for DNS lookup. Normally when you try to resolve a hostname or domain, your computer will consult your specified DNS server to discover the IP address that it points to. This requires that there is an existing DNS server out there with the record that you require, with the hosts file you can fake DNS entries that will resolve only on the local machine.

It’s great for testing or troubleshooting. If any one want to use a specific hostname that no DNS exists for, though ideally you should create DNS records where possible as they can be centrally managed. It can help to get around DNS propagation issues, for example if a DNS record has been updated but had a TTL of 24 hours you may have to wait up to this long (assuming the cache cannot be cleared) before the record will resolve to the new IP address. By adding a temporary host file entry you can resolve to the new IP address straight away as the hosts file takes precedence over external DNS.

Round-Robin:

Round-robin rules are implemented. Every time a client requests a matching rule, FakeDNS will serve out the next IP in the list of IP’s provided in the rule.
A list of IP’s is comma-separated.

DNS Rebinding:

FakeDNS supports rebinding rules, which basically means that the server accepts a certain number of requests from a client for a domain until a threshold (default 1 request) and then it changes the IP address to a different one.