deserter is the first of its kind targeted DNS cache poisoner

Overview

deserter

What is deserter?

deserter is the first of its kind targeted DNS cache poisoner. It is capable of DNS cache poisoning without bruteforcing the target ID and source port - instead, it sniffs out DNS probes and uses the information inside to craft poisoned responses and send them back to the target.

In order for it to work, the attacker needs to be on the same network as the victim. Sometimes, arp spoofing may also be required - usually on physical connections through Ethernet.

Installation

You need to clone this repo with its submodule:

git clone --recurse-submodules https://github.com/b4ckslash0/deserter
┌──([email protected])-[~/dev/test]-[]
└─$ git clone --recurse-submodules https://github.com/b4ckslash0/deserter
Cloning into 'deserter'...
remote: Enumerating objects: 125, done.
remote: Counting objects: 100% (125/125), done.
remote: Compressing objects: 100% (89/89), done.
remote: Total 125 (delta 36), reused 107 (delta 21), pack-reused 0
Receiving objects: 100% (125/125), 30.41 KiB | 1.05 MiB/s, done.
Resolving deltas: 100% (36/36), done.
Submodule 'external/PcapPlusPlus' (https://github.com/seladb/PcapPlusPlus) registered for path 'external/PcapPlusPlus'
Cloning into '/home/backslash0/dev/test/deserter/external/PcapPlusPlus'...
remote: Enumerating objects: 15076, done.        
remote: Counting objects: 100% (619/619), done.        
remote: Compressing objects: 100% (472/472), done.        
remote: Total 15076 (delta 269), reused 282 (delta 135), pack-reused 14457        
Receiving objects: 100% (15076/15076), 83.19 MiB | 2.06 MiB/s, done.
Resolving deltas: 100% (10354/10354), done.
Submodule path 'external/PcapPlusPlus': checked out '5f43c3d0545bebcc71cc3fa149c200a081784008'

The tool depends on PcapPlusPlus, for packet capturing and crafting, and argparse, for command-line argument parsing.

Now, change your directory to the cloned repository and then into the scripts directory. Change the permission for execution on the install.sh file and run it:

cd deserter/scripts
chmod +x install.sh
./install.sh

The tool will build and compile into the deserter/build directory. After installation you can use

./deserter --help

for more information.

Note, the tool requires sudo permissions to be run.

TODOs:

  • add Windows support
  • colours and banner
  • support for poisoning multiple queries in a single request/response
  • option to keep listening for new packets after a successful poisoning

This tool is not intended for use against machines without their owner's written permission. I do not bear any responsibility for your own actions.

You might also like...
The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management (
The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system.

InitWare isn't ready to use yet!! Unless you are doing so for fun, to experiment, or to contribute, you most likely do not want to try to install Init

First Growtopia Private Server made with ENet

GrowtopiaServer First Growtopia Private Server made with ENet. This project has been compiled with Visual Studio 2015 (Visual Studio 2013 or older won

Provide translation, currency conversion, and voting services. First using telnet you create a connection to a TCP socket, then the server connects to 3 UDP sockets hosted on other servers to do tasks.

to run micro servers g++ translator.cpp -o translator ./translator port 1 g++ voting.cpp -o voting ./voting port 2 g++ currency_converter.cpp -o c

deserter is a targeted DNS cache poisoner.
deserter is a targeted DNS cache poisoner.

deserter is a targeted DNS cache poisoner. It is capable of DNS cache poisoning without bruteforcing the target ID and source port - instead, it sniffs out DNS probes and uses the information inside to craft poisoned responses and send them back to the target.

A low-latency LRU approximation cache in C++ using CLOCK second-chance algorithm. Multi level cache too. Up to 2.5 billion lookups per second.
A low-latency LRU approximation cache in C++ using CLOCK second-chance algorithm. Multi level cache too. Up to 2.5 billion lookups per second.

LruClockCache Low-latency LRU approximation cache in C++ using CLOCK second-chance algorithm. (see wiki for details) using MyKeyType = std::string; us

Dohd is a minimalist DNS-over-HTTPS daemon that redirects all DoH queries to a local DNS server running on localhost:53 (UDP)

dohd Dohd (pron. doh-dee) is a minimalist DNS-over-HTTPS daemon that redirects all DoH queries to a local DNS server running on localhost:53 (UDP). Fe

✔️The smallest header-only GUI library(4 KLOC) for all platforms
✔️The smallest header-only GUI library(4 KLOC) for all platforms

Welcome to GUI-lite The smallest header-only GUI library (4 KLOC) for all platforms. 中文 Lightweight ✂️ Small: 4,000+ lines of C++ code, zero dependenc

With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger
With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger

With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger. Also you can convert the "binary-copied-clipboard" to c-shellcode string.

dos-like is a programming library/framework, kind of like a tiny game engin
dos-like is a programming library/framework, kind of like a tiny game engin

dos-like is a programming library/framework, kind of like a tiny game engine, for writing games and programs with a similar feel to MS-DOS productions from the early 90s. But rather than writing code that would run on a real DOS machine, dos-like is about making programs which runs on modern platforms like Windows, Mac and Linux, but which attempts to recreate the look, feel, and sound of old DOS programs.

Create a calculator of any kind in any language, create a pr.

calculators Create a calculator of any kind in any language, create a pr. Create a calculator of any type using the programming language of your choic

This is a repository entirely dedicated to all kind of questions ranging from basic DSA to CP. It aims to provide a solution to different questions. 📚

🎉 CP-DSA-Questions 🎉 This is a repository entirely dedicated to all kind of questions ranging from basic DSA to CP. It aims to provide a solution to

A C math library targeted at games

Kazmath Kazmath is a simple 3D maths library written in C. It was initially coded for use in my book, Beginning OpenGL Game Programming - Second editi

A C math library targeted at games

Kazmath Kazmath is a simple 3D maths library written in C. It was initially coded for use in my book, Beginning OpenGL Game Programming - Second editi

 	Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as
Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors".

COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe

Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices
Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices

Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices

TAFuzzer: Effective and Efficient Targeted Fuzzing framework for Smart Contract Vulnerability Detection (CCS2022a Under Review).

TAFuzzer An effective and efficient targeted fuzzing framework for smart contract vulnerability detection. Requirements TAFuzzer is supported on Linux

A C library for asynchronous DNS requests

c-ares This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need t

Mongoose Embedded Web Server Library - a multi-protocol embedded networking library with TCP/UDP, HTTP, WebSocket,  MQTT built-in protocols, async DNS resolver, and non-blocking API.
Mongoose Embedded Web Server Library - a multi-protocol embedded networking library with TCP/UDP, HTTP, WebSocket, MQTT built-in protocols, async DNS resolver, and non-blocking API.

Mongoose - Embedded Web Server / Embedded Networking Library Mongoose is a networking library for C/C++. It implements event-driven non-blocking APIs

VE Font Cache is a single header-only GPU font rendering library designed for game engines.
VE Font Cache is a single header-only GPU font rendering library designed for game engines.

VE Font Cache is a single header-only GPU font rendering library designed for game engines. It aims to: Be fast and simple to integrate. Take advantag

Comments
  • Segmentation fault, attack seems succesful,

    Segmentation fault, attack seems succesful,

    mz[email protected]:~/work/deserter$ sudo ./build/deserter -t 192.168.1.57 -b 127.0.0.1 -i wlp3s0
        ____                      __           
       / __ \___  ________  _____/ /____  _____
      / / / / _ \/ ___/ _ \/ ___/ __/ _ \/ ___/
     / /_/ /  __(__  )  __/ /  / /_/  __/ /    
    /_____/\___/____/\___/_/   \__/\___/_/     
                                               
    Waiting for DNS packets to come...
    Poisoning successful.
    [ERROR: /home/mz/work/deserter/external/PcapPlusPlus/Packet++/src/DnsResource.cpp: setData:352] DNS record is of type AAAA but given data isn't of type IPv6DnsResourceData
    [ERROR: /home/mz/work/deserter/external/PcapPlusPlus/Packet++/src/DnsLayer.cpp: addResource:495] Couldn't set new resource data
    Segmentation fault
    

    OS: Debian GNU/Linux 11 (bullseye) x86_64 CPU: Intel i5-8350U (8) @ 400MHz

    note: target is my local IP

    bug 
    opened by 10maurycy10 4
  • Segmentation Fault on debain 11

    Segmentation Fault on debain 11

    Reproduction:

    1. install all required tools
        sudo apt install cmake
    
    1. follow build instructions
        cd scripts/
        chmod +x install.sh
        ./install.sh
    
    1. run
        sudo ./deserter -t 169.1.1.35 -b 93.184.216.34 -i wlp3s0
    
    1. observe segfault
    bug 
    opened by 10maurycy10 4
  • Make command error

    Make command error

    when i run install bash file ( install.sh ) he show me this error "make: *** No targets specified and no makefile found. Stop." can any one help me? and thanks

    opened by FliShaDZ 1
Releases(v2.0)
Owner
null
Dohd is a minimalist DNS-over-HTTPS daemon that redirects all DoH queries to a local DNS server running on localhost:53 (UDP)

dohd Dohd (pron. doh-dee) is a minimalist DNS-over-HTTPS daemon that redirects all DoH queries to a local DNS server running on localhost:53 (UDP). Fe

Dyne.org 15 Nov 1, 2022
A C library for asynchronous DNS requests

c-ares This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need t

c-ares 1.5k Nov 29, 2022
Mongoose Embedded Web Server Library - a multi-protocol embedded networking library with TCP/UDP, HTTP, WebSocket, MQTT built-in protocols, async DNS resolver, and non-blocking API.

Mongoose - Embedded Web Server / Embedded Networking Library Mongoose is a networking library for C/C++. It implements event-driven non-blocking APIs

Cesanta Software 9k Dec 2, 2022
DNS and Target HTTP History Local Storage and Search

dooked DNS and Target HTTP History Local Storage and Search Installation Download Boost Library from the official website Extract the library into any

Michael Skelton 60 Oct 31, 2022
A local DNS server to obtain the fastest website IP for the best Internet experience

A local DNS server to obtain the fastest website IP for the best Internet experience

Nick Peng 5.5k Nov 23, 2022
a lightweight and performant multicast DNS (mDNS) reflector with modern design, supports zone based reflection and IPv6

mDNS Reflector mDNS Reflector (mdns-reflector) is a lightweight and performant multicast DNS (mDNS) reflector with a modern design. It reflects mDNS q

Yuxiang Zhu 87 Nov 28, 2022
Winpcap-based network packet capture tool, support TLS (part), UDP, ICMP, TCP, ARP, DNS and other protocol analysis, interface reference wireshark.

Winpcap-based network packet capture tool, support TLS (part), UDP, ICMP, TCP, ARP, DNS and other protocol analysis, interface reference wireshark.

null 53 Nov 20, 2022
Brutally effective DNS amplification ddos attack tool. Can cripple a target machine from a single host. Use with extreme caution.

Brutally effective DNS amplification ddos attack tool. Can cripple a target machine from a single host. Use with extreme caution.

thescientist 0 Nov 28, 2022
DNS amplification DDOS attack tool.

DNS amplification DDOS attack tool.

the-scientist 27 Sep 23, 2022
A project designed for the esp8266 D1 Mini or the esp8266 D1 Mini PRO to provide a wifi http server and dns server.

PS4 Server 9.00 This is a project designed for the esp8266 D1 Mini or the esp8266 D1 Mini PRO to provide a wifi http server and dns server. this is fo

null 13 Sep 7, 2022