Shulou(Shulou.com)05/31 Report--

This article mainly introduces what DnsFookup is a tool, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

DnsFookup is a powerful DNS rebinding tool that researchers can use to test the security of the target DNS server.

In essence, DnsFookup is a DNS rebinding framework that includes the following components:

1. A DNS server

2. Web API, which is used to create new subdomain names, control DNS servers, view logs, etc.

3. Integrate React App to make the tools more convenient to use

Tool mechanism

This tool can help us create DNS bindings, which are similar to a Burp Collaborator, but DnsFookup provides more rich and powerful features:

In the tool interface, you can specify the IP address that the DNS server needs to resolve and the number of repeats. The current version of DnsFookup only supports A records. Next, you can see the source of the request directly in the log record, as well as the parsing result.

Tool installation

Researchers can use the following commands to clone the source code of the project locally:

The git clone https://github.com/makuga01/dnsFookup.git tool runs

First, we need to check the parameter configuration information in the .py file, which is generally annotated in the following form:

"" * * CONFIG * * ""

Of course, don't forget to change the Docker and Redis passwords in the following files:

Docker-compose.ymlapp.pydns_resources

Next, you can configure Postgres and Redis with the following commands:

Sudo docker-compose up

Switch to. / BE and run the following command:

Pip3 install-r requirements.txtpython3 dns.py # to start the dns server

If only for testing purposes, the development version server is sufficient:

FLASK_APP=app.pyFLASK_ENV=developmentflask run

Next, run the following command in. / FE:

Npm installnpm startAPI document

In order to log in and use API, you need to use a token to authenticate and set the Content-Type in application/json.

Register-/ auth/signupPOST / auth/signup

JSON principal:

{"username": "marek", "password": "ffffffff"}

Response:

{"name": "marek", "access_token": "eyJuYW1lIjoiMTMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzNyBTZUtyM1QgVDBLM24ifQo="} login-/ auth/loginPOST / auth/signup

JSON principal:

{"username": "marek", "password": "ffffffff"}

Response:

{"name": "marek", "access_token": "eyJuYW1lIjoiMTMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzNyBTZUtyM1QgVDBLM24ifQo="} Log out-/ auth/logoutPOST / auth/logout

Response:

{"message": "Access token has been revoked"} get the user name GET / api/user

Response:

{"name": "marek"} create a new token-/ api/fookup/newPOST / api/fookup/new

JSON principal:

{"name": "dsads", "ip_props": {"1": {"ip": "123.0.0.1", "repeat": 13}, "2": {"ip": "3.2.1.1", "repeat": "4ever"}}

Response:

{"subdomain": "0dd4d9083d7647e1a5fd5f1444e655ce.gel0.space"} use sample 1

Suppose we provide the following to the tool:

{"name": "dsads", "ip_props": {"1": {"ip": "1.1.1.1", "repeat": 2}, "2": {"ip": "2.2.2.2", "repeat": 1}

Next, use the host command to test the domain name:

$host {domain} {domain} has address 1.1.1.1$ host {domain} {domain} has address 1.1.1.1$ host {domain} {domain} has address 2.2.2.2$ host {domain} {domain} has address 1.1.1.1$ host {domain} has address 1.1.1.1$ host {domain} {domain} has address 2.2.2.2 Use sample 2 {"name": "dsads", "ip_props": {"1": {"ip": "1.1.1.1", "repeat": 2}, "2": {"ip": "2.2.2.2", "repeat": "4ever"}

The output of the Host command is as follows:

$host {domain} {domain} has address 1.1.1.1$ host {domain} {domain} has address 1.1.1.1$ host {domain} {domain} has address 2.2.2.2$ host {domain} has address 2.2.2.2$ host {domain} {domain} has address 2.2.2.2 get all log files-/ api/fookup/logs/all

This API can help us return all the log files:

GET / api/fookup/logs/all

Response:

[{"uuid": "0dd4d9083d7647e1a5fd5f1444e655ce", "resolved_to": "123.0.0.0", "domain": "0dd4d9083d7647e1a5fd5f1444e655ce.gel0.space", "origin_ip": "127.0.0.1", "port": "41095", "created_date": "2019-09-17 20 domain 38 0dd4d9083d7647e1a5fd5f1444e655ce.gel0.space 44.769560"},... snip... {"uuid": "ffffffffffffffffffffffffffffffff", "resolved_to": "99.123.64.19", "domain": "0dd4d9083d7647e1a5fd5f1444e655ce.gel0.space", "origin_ip": "127.0.0.1", "port": "51515", "created_date": "2019-09-17 20 0dd4d9083d7647e1a5fd5f1444e655ce.gel0.space 3815 50.321975"}] Statistics-/ api/statistics

This API can help us get the statistics of the front-end App:

GET / api/statistics

Response:

{"request_count": 420, "created_bins": 69} Thank you for reading this article carefully. I hope the article "what tool DnsFookup is" shared by the editor will be helpful to you. At the same time, I hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.