A targeted DNS cache poisoner.
deserter is a targeted DNS cache poisoner. It poisons a DNS cache without brute-forcing the target ID and source port: instead, it sniffs out DNS probes and uses the information inside them to craft poisoned responses, which it sends back to the target.
- Silence - deserter doesn't flood the network with any type of packet - it only ever sends a single response per query received
- Speed - written in C++, the tool is fast which is required when racing against packets coming from the legitimate name server
- Robustness - deserter supports both A and AAAA record types. Support for authority poisoning and DNS over IPv6 is also coming!
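The technique described above, one forged answer racing the legitimate one for a sniffed query, leaves a visible trace on the resolver's side: two responses for the same transaction ID and name that disagree about the answer. The following is an added defender-side example, not part of deserter, that parses raw UDP DNS payloads and reports such conflicts. It assumes one question per message, keys only on (transaction ID, name) rather than also on the UDP port tuple, and the sample traffic it uses is constructed inline (hypothetical `build_a_response`).

```python
import ipaddress
import struct
from collections import defaultdict

def parse_name(msg, off):
    """Decode a DNS name at offset, following compression pointers; return (name, next_offset)."""
    labels, end = [], None
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer into an earlier name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def parse_response(msg):
    """Return (txid, qname, set of A/AAAA answers) for a DNS response, or None for a query."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000 or qd != 1:  # assumption: exactly one question per message
        return None
    qname, off = parse_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    answers = set()
    for _ in range(an):
        _, off = parse_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype in (1, 28):  # A or AAAA record
            answers.add(ipaddress.ip_address(msg[off:off + rdlen]).compressed)
        off += rdlen
    return txid, qname, answers

def find_conflicting_responses(payloads):
    """Group DNS responses by (txid, qname); return groups whose answer sets disagree.
    A forged reply racing the genuine one appears as a second, different answer set."""
    seen = defaultdict(list)
    for msg in payloads:
        parsed = parse_response(msg)
        if parsed:
            txid, qname, answers = parsed
            seen[(txid, qname)].append(frozenset(answers))
    return {key: sets for key, sets in seen.items() if len(set(sets)) > 1}

def build_a_response(txid, qname, ip):
    # Constructed sample traffic for exercising the detector (not a real capture).
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.ip_address(ip).packed
    return header + question + struct.pack("!HH", 1, 1) + answer
```

A plain retransmit (same answer twice) is deliberately not flagged; only disagreeing answers for one transaction are reported.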
To get a local copy up and running follow these simple steps.
In order for the tool to work, the attacker needs to be on the same network as the victim. Sometimes ARP spoofing may also be required, usually on physical connections through Ethernet.
- Clone the repo with its submodule: `git clone --recurse-submodules https://github.com/cr0mll/deserter`
- Install libpcap: `sudo apt-get install libpcap-dev`
- Change into `deserter/scripts`: `cd deserter/scripts`
- Change the permissions for the installation script and run it: `chmod +x install.sh`, then `./install.sh`
To build with support for multiple queries in a single request, run the installation script with the `SUPPORT_MULTIPLE_QUERIES_IN_A_SINGLE_REQUEST` option instead:
- Clone the repo with its submodule: `git clone --recurse-submodules https://github.com/cr0mll/deserter`
- Change into `deserter/scripts`: `cd deserter/scripts`
- Change the permissions for the installation script and run it with the `SUPPORT_MULTIPLE_QUERIES_IN_A_SINGLE_REQUEST` option: `chmod +x install.sh`, then `./install.sh SUPPORT_MULTIPLE_QUERIES_IN_A_SINGLE_REQUEST`
The tool requires sudo permissions to be run.
You can run deserter with `--help` to get information about all of the available options. Three of them are required:
- `-t` - the IPv4 address of the victim
- `-b` - the IPv4 address to poison resource records with
- `-i` - the interface to use (IP address or a name)
The following syntax can be used for a simple DNS cache poisoning attack:
`./deserter -t <victim IP> -b <bad IP> -i <interface>`
or
`./deserter --target <victim IP> --bad_ip <bad IP> --interface <interface>`
It is also possible to specify which domains you want deserter to poison by using the `--domains` or `-d` option followed by a list of domains separated by commas without spaces:
`./deserter -t <victim IP> -b <bad IP> -i <interface> -d domain1,domain2,domain3,...`
deserter is capable of poisoning AAAA records as well. You will need to specify the `--bad-ipv6` option followed by the IPv6 address you want to poison the cache with:
By default, deserter ends its execution after poisoning a single probe. You can tell it to continue waiting for packets and poisoning them by specifying the `--keep-alive` command-line argument:
- Support for DNS over IPv6
- See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Project Link: https://github.com/cr0mll/deserter