When testing from behind an Infoblox, I was seeing duplicate requests. The following patch helped drop the dups:
diff --git a/dnsteal.py b/dnsteal.py
index 692a9c9..f664577 100755
--- a/dnsteal.py
+++ b/dnsteal.py
@@ -53,7 +53,7 @@ def save_to_file(r_data, z, v):
for key,value in r_data.iteritems():
file_seed = time.strftime("%Y-%m-%d_%H-%M-%S")
- fname = "recieved_%s_%s" % (file_seed, key)
+ fname = "received_%s_%s" % (file_seed, key)
flatdata = ""
for block in value:
@@ -86,7 +86,7 @@ def save_to_file(r_data, z, v):
print "%s[Error]%s Could not unzip data, did you specify the -z switch ?" % (c["r"], c["e"])
exit(1)
- print "%s[Info]%s Saving recieved bytes to './%s'" % (c["y"], c["e"], fname)
+ print "%s[Info]%s Saving received bytes to './%s'" % (c["y"], c["e"], fname)
f.write(flatdata)
f.close()
else:
@@ -210,19 +210,30 @@ if __name__ == '__main__':
p_cmds(s,b,ip,z)
print "%s[+]%s Once files have sent, use Ctrl+C to exit and save.\n" % (c["g"], c["e"])
+ prev_buf = '';
try:
r_data = {}
while 1:
# There is a bottle neck in this function, if very slow PC, will take
- # slightly longer to send as this main loop recieves the data from victim.
+ # slightly longer to send as this main loop receives the data from victim.
data, addr = udp.recvfrom(1024)
+
+
+
p=DNSQuery(data)
+
udp.sendto(p.request(ip), addr)
req_split = p.data_text.split(".")
req_split.pop() # fix trailing dot... cba to fix this
+ if req_split == prev_buf:
+ skip = 1
+ else:
+ skip = 0
+ prev_buf = req_split
+
dlen = len(req_split)
fname = ""
tmp_data = []
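Review bot: `prev_buf` is initialised as the string `''` but is compared with, and later assigned, the list `req_split`, so the first comparison only works because a str never equals a list; `prev_buf = None` without the trailing semicolon states the intent. The test `if req_split == prev_buf:` treats any two consecutive identical query names as a retransmission. If the query name carries no per-block index (not visible in this hunk), two genuinely identical adjacent blocks would be dropped and the saved file would be wrong without any error. A repeat that arrives after a different query is not caught either. The three blank lines added after `udp.recvfrom(1024)` are noise, and the main loop body continues outside the hunk.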
@@ -244,7 +255,11 @@ if __name__ == '__main__':
print '%s[>>]%s %s -> %s:53' % (c["b"], c["e"], p.data_text, ip)
for d in tmp_data:
- r_data[fname].append(d)
+ if skip==0:
+ r_data[fname].append(d)
+ else:
+ if v:
+ print '=== duplicate block, skipping'
# print r_data
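Review bot: The `skip` test sits inside `for d in tmp_data:`, so when `v` is set the duplicate message is printed once per element of `tmp_data` rather than once per request. `skip` does not change inside the loop, so test it once around the loop with `if not skip:` before the `for`, and print the message from a single `elif v:` branch. `skip` would also read better as a boolean assigned where it is computed, `skip = (req_split == prev_buf)`, instead of 0/1 compared with `==0`. The enclosing main block starts and ends outside this hunk.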