A targeted DNS cache poisoner.
Report Bug
·
Request Feature
Table of Contents
deserter is a targeted DNS cache poisoner. It is capable of DNS cache poisoning without bruteforcing the target ID and source port - instead, it sniffs out DNS probes and uses the information inside to craft poisoned responses and send them back to the target.
In the absence of DNS security mechanisms, deserter has a near 100% success rate of poisoning the target's cache when the router has to forward the DNS query to an external DNS server (the router doesn't have an entry for the domain in its own cache).
- Silence -
deserterdoesn't flood the network with any type of packet - it only ever sends a single response per query received. - Speed -
deserteris fast which is required when racing against packets coming from the legitimate name server. - Robustness & Easy of Use -
desertersupports DNS/MDNS queries of type A/AAAA as well as DNS over IPv6, all while being extremely simple to use.
To get a local copy up and running follow these simple steps.
In order for the tool to work, the attacker needs to be on the same network as the victim. Sometimes, arp spoofing may also be required - usually on physical connections through Ethernet.
- Clone the repo with its submodules
git clone --recurse-submodules https://github.com/cr0mll/deserter- Install libpcap
sudo apt-get install libpcap-dev- Change into
deserter/scripts
cd deserter/scripts- Change the permissions for the scripts and run it
chmod +x *Run the installation script:
./install.shThis will configure and build the binary in the deserter/build directory.
You can use the scripts configure.sh and build.sh to manually configure and build the cmake project.
The tool requires sudo permissions to be run.
You can run deserter with --help to get information about all of the available options.
For any DNS cache poisoning attack, you will need to specify the network interface which deserter should use and the IPv4 address which to use for poisoning queries:
./deserter -b <bad IP> -i <interface>
The -t/--targets options can be used to provide a comma-separated list, without whitespace, of IPv4/IPv6 addresses whose queries to poison. By default, deserter will poison all queries it sees. Furthermore, you can prepend ~ to any IP addresses you want to exclude from the target list, such that their queries are left unaltered.
The -d/--domains options can be used to provide comma-separated list, without whitespace, of the domains which to poison when they are found in a query. By default, deserter will poison all domains.
- See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
Project Link: https://github.com/cr0mll/deserter
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent