.net/c# implements DNS hijacking source code

Little scum · Posted on 11/10/2017 10:31:54 AM

Now that Internet DNS hijacking is common, it is easy for operators to implement DNS hijacking, what is DNS hijacking? Baidu Encyclopedia is introduced as follows:

DNS hijacking, also known as domain name hijacking, refers to intercepting domain name resolution requests within the hijacked network, analyzing the requested domain names, and releasing requests outside the scope of review, otherwise returning a fake IP address or doing nothing to make the request unresponsive.

Today, I want to crack the program I wrote, the program needs http authentication to run normally, so crack the program, you can forge the http response content, to make the program think that I am an authenticated user, fake http response, there are many methods, today I thought about it, can you use the DNS hijacking method to forge the corresponding IP address of the domain name, so as to forge the http response content.

To implement DNS hijacking, the easiest way is the hosts file, there are a lot of specific methods on the Internet, today, let's write a DNS hijacking gadget in C#

The first step was that we wrote the program at that time, and the purpose of the program was to put the programwww.itsvse.comThe parsing points to 127.0.0.1, I have built an 80-port website with IIS, not to mention this step, the source code is at the bottom.

The second step is to modify the DNS server of the machine to 127.0.0.1, as shown in the figure below:

The third step is to start the program we have written, and then, we access it with the websitewww.itsvse.com, you will find that the content returned by the website is not the content of our real website! The content of another web page has been completely forged, as shown below:

When we open Baidu, we will find that Baidu cannot be opened because we only respondwww.itsvse.comThe resolution of domain name requests is ignored by other domain name resolutions, as shown in the figure below:

How do we deal with DNS hijacking? There are many ways, but there are policies and countermeasures, is the spear strong or the shield powerful?

Haha, Done.

Source code download:

Tourists, if you want to see the hidden content of this post, pleaseReply

Zmoli775 · Posted on 12/27/2017 10:54:20 AM

This post was last edited by Zmoli775 on 2017-12-27 13:52

When we open Baidu, we will find that Baidu cannot be opened because we only respondwww.itsvse.comThe resolution of domain name requests is ignored by other domain name resolutions, as shown in the figure below:
Can you hijack the designated URL, the rest of the domain name can be accessed normally, how to operate this!--- was too careless, I didn't pay attention...

Login is visible.

lixiaoflyme · Posted on 12/12/2019 12:24:37 AM

if (eventArgsQuery.Questions.Count == 1 && eventArgsQuery.Questions[0]. RecordType == RecordType.A)
            {
                  if (domainnew == "www.test.com") // hijack the QQ domain name
                  {
                     Response.AnswerRecords.Add(new ARecord(eventArgsQuery.Questions[0]. Name, 36000, IPAddress.Parse("192.168.15.15"))); Returns a custom A record
                     Response.ReturnCode = ReturnCode.NoError;
                  }
                  else
                  {

                     this.richTextBox3.Text = this.richTextBox3.Text.Insert(0, DateTime.Now.ToString("yyyy MM dd HH:mm:ss.ffff"). ToString() + "--- requested domain needs to be forwarded to a public DNS query" + Environment.NewLine);
                     DnsClient dnsClient = new DnsClient(IPAddress.Parse("223.5.5.5"), 5000);
                     DnsMessage dnsMessage = dnsClient.Resolve(eventArgsQuery.Questions[0]. Name, RecordType.A);

/////请教一下楼主，这个地方请求不到信息，如何解决？谢谢

                     foreach (DnsRecordBase dnsRecord in dnsMessage.AnswerRecords)
                     {
                        ARecord aRecord = dnsRecord as ARecord;
                        if (aRecord != null)
                        {
                              Response.AnswerRecords.Add(new ARecord(eventArgsQuery.Questions[0]. Name, 36, aRecord.Address)); Return him a record of 127.0.0.1, which is the machine
                              Response.ReturnCode = ReturnCode.NoError;
                        }
                        else
                        {
                              continue;
                        }
                     }

                  }
            }

Little scum · Posted on 12/8/2017 3:47:28 PM

Login is visible.

lightweight · Posted on 11/10/2017 10:45:14 AM

Thanks for sharing, good stuff

sdpos · Posted on 11/10/2017 10:49:29 AM

Thanks for sharing, interested

Xiaobai 666 · Posted on 11/10/2017 11:29:38 AM

No, no, no, white, tender

Linn · Posted on 11/11/2017 1:49:29 AM

Thank you for sharing

330383477 · Posted on 11/12/2017 2:33:21 PM

Learn to learn

bdswy · Posted on 11/14/2017 4:05:10 PM

RE: .net/c# 实现dns劫持源代码

Allon520 · Posted on 11/16/2017 10:41:11 AM

Amazing~~ Big guy

redmason · Posted on 12/14/2017 4:26:31 PM

Great god amazing

[Console Program] .net/c# implements DNS hijacking source code

Related Posts

Sections viewed