PyminifakeDNS
Description
pyminifakeDNS, or fakedns (in REMnux), is a small Python script written by Francisco Santos. It acts as a fake DNS server that simulates DNS responses, which makes it very useful for malware analysis.
Installation
Original
$ cd /usr/local/bin/
$ wget http://code.activestate.com/recipes/491264-mini-fake-dns-server/download/1/ -O pyminifakeDNS.py
Patch (optional)
By default, the server uses the IP address 192.168.1.1. You can either change this address manually by editing the script:
if __name__ == '__main__':
    ip='192.168.1.1'
Or you can optionally patch the original program (this is what has been done in REMnux) so that it accepts a parameter. To do so, use the following commands:
$ cd /usr/local/bin/
$ sudo wget https://dl.dropboxusercontent.com/u/10761700/fakedns-remnux.patch
$ sudo patch -p0 pyminifakeDNS.py < fakedns-remnux.patch
$ sudo mv pyminifakeDNS.py fakedns
$ chmod +x fakedns
Usage
$ sudo python fakedns.py
Example
Note
This example uses the patched version. Replace 192.168.1.38 with your IP address.
First start fakedns as follows:
$ sudo fakedns 192.168.1.38
pyminifakeDNS:: dom.query. 60 IN A 192.168.1.38
Respuesta: aldeid.com. -> 192.168.1.38
Then perform a DNS request as follows:
$ nslookup aldeid.com 192.168.1.38
Server: 192.168.1.38
Address: 192.168.1.38#53

Non-authoritative answer:
Name: aldeid.com
Address: 192.168.1.38
fakedns should output the request:
[SNIP]
pyminifakeDNS:: dom.query. 60 IN A 192.168.1.38
Respuesta: aldeid.com. -> 192.168.1.38
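How a responder of this kind can answer every name with the same address, as an added example (not the pyminifakeDNS source): it echoes the query's ID and question section, then appends a single A record with the TTL of 60 shown in the output above. The function names and the constructed aldeid.com query are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Constructed sample input: a standard recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_question(packet):
    """Return (dotted name, offset just past the question section)."""
    labels, pos = [], 12                       # question follows the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    end = pos + 5                              # root label + QTYPE + QCLASS
    if end > len(packet):
        raise ValueError("truncated question")
    return ".".join(labels) + ".", end

def fake_response(query, ip, ttl=60):
    """Answer any standard query with one A record pointing at `ip`."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack(">HH", query[:4])
    if flags & 0x8000 or (flags >> 11) & 0xF:
        raise ValueError("not a standard query")
    name, end = parse_question(query)
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA; 1 question, 1 answer
    # Answer: pointer to the name at offset 12, TYPE A, CLASS IN, TTL, RDLENGTH 4, address
    answer = struct.pack(">HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return name, header + query[12:end] + answer

if __name__ == "__main__":
    name, resp = fake_response(build_query("aldeid.com"), "192.168.1.38")
    print("Respuesta: %s -> %s" % (name, socket.inet_ntoa(resp[-4:])))
```

Because the answer ignores the name that was asked for, any domain a sample looks up resolves to the analysis host, and the logged name shows which domains it tried to reach.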