Run this script on a remote host (i.e. Sniffing someone else's DNS) #36

Open
johnsaigle opened this issue Mar 19, 2018 · 0 comments
Labels
enhancement New feature or request help wanted Extra attention is needed question Further information is requested

Comments

@johnsaigle
Collaborator

One use case for this script is for network admins to sniff their network's outgoing traffic and determine the security of the sites their users need; this will facilitate contacting the domain admins of those sites in order to tell them to tighten up their security.

@kousu we spoke about how best to implement this. It's not really feasible to get Python running on most people's routers so we need a way to get traffic from them onto the machine running this script.

I have done some research and have come up with two different methods. I'm open to other strategies if you can think of some:

1. Position the listening host running this script as a Person-in-the-Middle

  • (E.g. this post and this post.) Idea: Basically create a "virtual network interface" and sniff traffic off of that using port forwarding

  • Pros: Should work in most cases; Network admins should be able to monitor what's going over the wire and set up the rules they need; Can sniff traffic live

  • Cons: This essentially now also becomes a hacking tool. That's fine with me because security and hacking are really two sides of one coin and dependent on context: nmap is technically a hacking tool but also vital for administering a network; Also this approach requires more configuration with iptables and forwarding etc.

2. Run the script on a text file of hosts

  • Idea: Pass a text file of hosts into the program and evaluate those. We can add this as a command line argument, e.g. running the script in --live mode or --list mode, where the former uses scapy to sniff traffic like it does now, and the latter just grades a list of domains. The script doesn't necessarily need to sniff DNS traffic live if there is a list of IPs to grade.

  • Pros: Easier to set up; reduces utility as a hacking tool

  • Cons: The preparation of the IP list: there might be a way to export requested hosts from the router (especially if it's running something like Tomato) but this could be tricky for some vendors/firmware.

Let me know what you think.

@johnsaigle johnsaigle added enhancement New feature or request help wanted Extra attention is needed question Further information is requested labels Mar 19, 2018
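The `--live` / `--list` split proposed in option 2 can be sketched without touching the real sniffing code. The block below is an added example, not code from this repository or from the comment's author: it parses the question section of a raw DNS query (what a `udp port 53` capture would hand over in live mode), loads a plain-text host list for list mode, and funnels both into one de-duplicated host list. scapy is deliberately left out so the example runs offline; the packet bytes and the host file are constructed for the example, and the function names (`parse_dns_question`, `load_host_list`, `collect_hosts`) are the example's own, not the project's.

```python
"""Hypothetical --live / --list front end for a DNS-grading script (added example)."""
import argparse
import struct
from typing import Iterable, List, Optional

# DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 section 4.1.1)
DNS_HEADER = struct.Struct("!HHHHHH")


def parse_dns_question(payload: bytes) -> Optional[str]:
    """Return the lower-cased QNAME of a DNS *query*, or None if the payload is
    not a well-formed query. Responses (QR bit set) are skipped: only the
    names users ask for are of interest. Label compression pointers are
    rejected because a question section should never contain them; a packet
    that uses them there is malformed or crafted."""
    if len(payload) < DNS_HEADER.size:
        return None
    _ident, flags, qdcount, _an, _ns, _ar = DNS_HEADER.unpack_from(payload, 0)
    if flags & 0x8000 or qdcount == 0:  # QR=1 means response; no question -> nothing to grade
        return None
    labels: List[str] = []
    pos = DNS_HEADER.size
    while True:
        if pos >= len(payload):  # name runs off the end of the packet
            return None
        length = payload[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length & 0xC0 or length > 63:  # pointer/reserved bits or oversize label
            return None
        if pos + length > len(payload):
            return None
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    if pos + 4 > len(payload):  # QTYPE and QCLASS must follow the name
        return None
    name = ".".join(labels).lower()
    return name or None


def load_host_list(lines: Iterable[str]) -> List[str]:
    """Parse a hosts file: one name per line, '#' starts a comment, blank lines
    are ignored, trailing dots are stripped, duplicates are dropped while
    preserving first-seen order."""
    seen = set()
    hosts: List[str] = []
    for raw in lines:
        name = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if name and name not in seen:
            seen.add(name)
            hosts.append(name)
    return hosts


def collect_hosts(mode: str, source: Iterable) -> List[str]:
    """Dispatch on mode. In 'live' mode `source` yields raw UDP payloads (the
    bytes a scapy sniff() callback would pass on); in 'list' mode it yields
    text lines. Both paths return the same de-duplicated host list so the
    grading code downstream does not care where the names came from."""
    if mode == "live":
        names = (parse_dns_question(pkt) for pkt in source)
        return load_host_list(n for n in names if n)
    if mode == "list":
        return load_host_list(source)
    raise ValueError(f"unknown mode: {mode}")


# Constructed sample input: a standard A query for example.com and the
# matching response (same bytes, QR/RD/RA flags set).
SAMPLE_QUERY = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # header, QDCOUNT=1
    b"\x07example\x03com\x00"                              # QNAME
    b"\x00\x01\x00\x01"                                    # QTYPE=A, QCLASS=IN
)
SAMPLE_RESPONSE = b"\x12\x34\x81\x80" + SAMPLE_QUERY[4:]
SAMPLE_HOSTFILE = ["# hosts exported from the router", "Example.COM", "", "mail.example.com.", "example.com"]

if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    group = ap.add_mutually_exclusive_group(required=True)
    group.add_argument("--live", action="store_true", help="grade names seen in DNS queries")
    group.add_argument("--list", metavar="FILE", help="grade names read from FILE")
    args = ap.parse_args()
    if args.live:
        # Real use would replace this with scapy's sniff(filter="udp port 53", ...)
        # and feed each packet's UDP payload; here we use the constructed packets.
        print(collect_hosts("live", [SAMPLE_QUERY, SAMPLE_RESPONSE]))
    else:
        with open(args.list, encoding="utf-8") as fh:
            print(collect_hosts("list", fh))
```

The parser refuses compression pointers and oversize labels rather than following them: a sniffer that grades whatever names it sees is itself exposed to hostile packets on the wire, so malformed input is dropped, not guessed at.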