用node來DNS抓包
這是崔斯特的第七十四篇原創文章
用node來DNS抓包 (๑• . •๑)
前提準備
安裝node,並安裝依賴,去 server.js
同級目錄下安裝
npm install native-dns
npm install async
儲存以下檔案為 server.js:
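'use strict';

const dns = require('native-dns');
const async = require('async');

// Upstream resolver for every question that has no local override.
// Queries go out as clear UDP and its answers are relayed unverified
// (no DNSSEC validation here), so run this only on a network you control.
const authority = { address: '114.114.114.114', port: 53, type: 'udp' };

// TTL (seconds) applied to local records that do not set one.
const DEFAULT_TTL = 1800;

// Local overrides. A question whose name matches `domain` (a case-insensitive
// regular expression) is answered from `records` instead of being forwarded.
// NOTE: the dots in the pattern are unescaped and the trailing `m*` means
// "zero or more m", so it also matches names such as "weixinXkeruyun.co";
// escape the dots and anchor with `$` if only the exact host is intended.
const entries = [
  {
    domain: '^weixin.keruyun.com*',
    records: [{ type: 'A', address: '10.10.10.90', ttl: 1800 }],
  },
];

const server = dns.createServer();

server.on('listening', () => console.log('server listening on', server.address()));
server.on('close', () => console.log('server closed', server.address()));
server.on('error', (err, buff, req, res) => console.error(err.stack));
server.on('socketError', (err, socket) => console.error(err));

/**
 * Forward one question to `authority` and append its answers to `response`.
 *
 * @param {object} question - one entry of the client's question section
 * @param {object} response - the server response being assembled
 * @param {Function} cb - invoked when the upstream request ends
 */
function proxy(question, response, cb) {
  console.log('proxying', question.name);
  const upstream = dns.Request({
    question, // forwarding the question
    server: authority, // this is the DNS server we are asking
    timeout: 1000,
  });
  // when we get answers, append them to the response
  upstream.on('message', (err, msg) => {
    // Guard: on an upstream error `msg` may be missing; the original
    // dereferenced it unconditionally and would throw inside the callback.
    if (err || !msg) {
      if (err) console.error('upstream error for', question.name, err);
      return;
    }
    for (const answer of msg.answer) response.answer.push(answer);
  });
  // NOTE(review): assumes native-dns emits 'end' after a timeout as well as
  // after a message; otherwise `cb` never fires and the response is never
  // sent — confirm against the library.
  upstream.on('end', cb);
  upstream.send();
}

/**
 * Build the answer section for one client request and send it.
 *
 * Questions matching a local entry are answered from its records; all others
 * are proxied upstream in parallel, and the response is sent once every
 * proxied question has ended.
 *
 * @param {object} request - incoming request (native-dns 'request' event)
 * @param {object} response - response object to fill and send
 */
function handleRequest(request, response) {
  const questions = request.question || [];
  const firstName = questions.length ? questions[0].name : '(no question)';
  console.log('request from', request.address.address, 'for', firstName);
  const pending = [];
  for (const question of questions) {
    const entry = entries.find((e) => new RegExp(e.domain, 'i').test(question.name));
    if (!entry) {
      pending.push((cb) => proxy(question, response, cb));
      continue;
    }
    for (const record of entry.records) {
      const build = dns[record.type];
      if (typeof build !== 'function') {
        throw new Error(`unsupported record type "${record.type}" in entries`);
      }
      // Copy per question: the original wrote `name`/`ttl` back into the shared
      // config object, so concurrent questions could overwrite each other.
      const answer = Object.assign({}, record, { name: question.name });
      if (answer.ttl == null) answer.ttl = DEFAULT_TTL;
      response.answer.push(build(answer));
    }
  }
  async.parallel(pending, () => response.send());
}

server.on('request', handleRequest);
// Listens on UDP 53 on every interface, so any host that can reach this
// machine receives the overridden answers above; keep it on a trusted LAN
// (or bind a single interface if the library's serve() accepts an address
// argument — confirm).
server.serve(53);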
手機wifi設定如下:
在DNS1和DNS2,都設定為電腦端地址
找到域名
使用命令 node server.js
執行js檔案,手機開啟飛航模式,再關閉飛航模式,關閉手機所有應用後,開啟目標應用,檢視輸出
request from 10.10.10.30 for api.huoshan.com
proxying api.huoshan.com
request from 10.10.10.30 for api.huoshan.com
proxying api.huoshan.com
request from 10.10.10.30 for sf3-ttcdn-tos.pstatp.com
proxying sf3-ttcdn-tos.pstatp.com
request from 10.10.10.30 for nbsdk-baichuan.alicdn.com
proxying nbsdk-baichuan.alicdn.com
request from 10.10.10.30 for sf1-hscdn-tos.pstatp.com
proxying sf1-hscdn-tos.pstatp.com
request from 10.10.10.30 for wgo.mmstat.com
proxying wgo.mmstat.com
request from 10.10.10.30 for v7.pstatp.com
proxying v7.pstatp.com
request from 10.10.10.30 for sf1-ttcdn-tos.pstatp.com
proxying sf1-ttcdn-tos.pstatp.com
找到自己想要抓取的域名。假設現在我們想抓取的域名是 superapp.kiwa-tech.com,修改 server.js 檔案如下:
// Local override used in the walkthrough: questions whose name matches
// `domain` (a case-insensitive regular expression) are answered with the
// A record below instead of being forwarded upstream.  The dots are not
// escaped and the trailing `m*` means "zero or more m", so the pattern is
// looser than the literal host name suggests.
let entries = [
  {
    domain: '^superapp.kiwa-tech.com*',
    records: [
      { type: 'A', address: '10.10.10.90', ttl: 1800 },
    ],
  },
];
配置Charles
開啟Charles。注意,要使用 sudo 開啟: sudo /Applications/Charles.app/Contents/MacOS/Charles
- 安裝證書,手機端也要安裝
- 開啟ssl proxying
- Reverse Proxies,設定如下
最後
最後就大功告成了,此時在手機端開啟該App,即可檢視相關DNS抓包資料。
這種方法叫做DNS抓包