SPOOFDNS
The SPOOFDNS command overrides DNS queries via packet injection, allowing a Packet Squirrel to manipulate network behavior in NAT, BRIDGE or TRANSPARENT modes.
The SPOOFDNS command overrides DNS queries via packet injection, allowing a Packet Squirrel to manipulate DNS queries even in BRIDGE or TRANSPARENT modes. Hostnames can be matched by plain names or regular expressions.
The SPOOFDNS tool can manipulate traditional UDP-based DNS, which is still in common use. It cannot manipulate DNS-over-HTTPS.
The SPOOFDNS command expects several options:
SPOOFDNS requires a network interface. Typically on the Packet Squirrel this is br-lan, the virtual interface which connects the Ethernet ports.
SPOOFDNS can match any number of hosts.
Hosts can be full hostnames or regular expressions. SPOOFDNS uses the ECMASCRIPT regular expression flavor.
An IP address can be either IPv4 or IPv6. For IPv4 addresses, SPOOFDNS will override A record queries, and for IPv6 addresses, it will override AAAA queries.
SPOOFDNS will detect the type of IP address used automatically, and generate the appropriate A or AAAA response.
When using regular expressions to match hostnames, the match should always be enclosed in quotes:
Multiple hostname matches can be provided, and they will be matched in the order listed.
Always put the most general matches at the end!
For example:
This example will resolve logon.example.com to the IPv4 address 1.2.3.4, v6.example.com to the IPv6 localhost address ::1, and all other hosts in example.com to the IPv4 localhost 127.0.0.1 address.
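The ordering rule above, modelled as an added example (not Hak5's code and not from the original page), with rules held as constructed [pattern, ip] pairs rather than command-line arguments. It assumes a pattern must match the whole query name, that the first rule whose pattern matches decides the outcome, and that names compare case-insensitively; the function names are hypothetical.

```javascript
// Model of ordered SPOOFDNS-style rule matching (added example, not Hak5 code).
// Assumptions: a pattern must match the whole query name, the first rule whose
// pattern matches decides the outcome, and names compare case-insensitively.

// Record type implied by an address: IPv4 -> A, IPv6 -> AAAA.
function recordTypeFor(ip) {
  const octets = ip.split(".");
  const isV4 = octets.length === 4 && octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (isV4) return "A";
  if (ip.includes(":") && /^[0-9a-fA-F:.]+$/.test(ip)) return "AAAA";
  throw new Error(`not an IP address: ${ip}`);
}

// rules: ordered [pattern, ip] pairs. Patterns are ECMAScript regular expressions.
function compileRules(rules) {
  return rules.map(([pattern, ip]) => ({
    pattern,
    regex: new RegExp(`^(?:${pattern})$`, "i"), // anchored: whole-name match
    ip,
    type: recordTypeFor(ip),
  }));
}

// Returns the override for a query, or null when the query passes through untouched.
function resolve(compiled, qname, qtype) {
  const hit = compiled.find((r) => r.regex.test(qname));
  if (!hit || hit.type !== qtype) return null;
  return { name: qname, type: hit.type, ip: hit.ip, rule: hit.pattern };
}

// Constructed rule sets mirroring the example described on this page.
const specificFirst = compileRules([
  ["logon\\.example\\.com", "1.2.3.4"],
  ["v6\\.example\\.com", "::1"],
  [".*\\.example\\.com", "127.0.0.1"],
]);
// Same rules with the general match listed first: it shadows the specific ones.
const generalFirst = compileRules([
  [".*\\.example\\.com", "127.0.0.1"],
  ["logon\\.example\\.com", "1.2.3.4"],
  ["v6\\.example\\.com", "::1"],
]);

for (const [label, set] of [["specific first", specificFirst], ["general first", generalFirst]]) {
  for (const [q, t] of [["logon.example.com", "A"], ["v6.example.com", "AAAA"], ["example.org", "A"]]) {
    const r = resolve(set, q, t);
    console.log(`${label}: ${q} ${t} -> ${r ? r.ip : "pass-through"}`);
  }
}
```

With the general pattern listed first, logon.example.com is answered with 127.0.0.1 and the v6.example.com rule is never reached, which is why the most general matches go last.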
The SPOOFDNS command can be used as part of a payload to redirect or sinkhole DNS queries: