Government Security
Network Security Resources

Jump to content

Photo

hex encoding dns querys using scapy

- - - - - security networking network dns programming perl tutorial
  • Please log in to reply
No replies to this topic

#1 thecowman

thecowman

    Private First Class

  • Members
  • 60 posts

Posted 05 June 2008 - 07:40 AM

Right so im using scapy, to make some networking scripts to use on my openwrt and i ran into trouble when im trying to make a dns query
i cannot seem to encode the query string properly, i have read somewhere that the string must begin with a new line, end in a null byte and use 0x3 for dots and found this
'\nhackaholic\x03org\x00\x00\x01\x00\x01'

in a scapy paper online, and this seems to work in my code when i check it with wireshark, howver something like

'\slashdot\x03org\x00\x00\x01\x00\x01'

will not work and often comes up as an invalid query in wireshark
so what im asking is, can anyone tell me the correct way to encode a dns query like this?

edit:
So i found out how it works, mostly thanks to this article here:
hxxp://www.packetstormsecurity.org/programming-tutorials/coding-with-the-dns-protocol.txt

basicly when encoding the domain before each term you must put in hex the length of the word so

google.com becomes:
\x06google\x03com\x00\x00\x01\x00\x01
where x06 is the length of google
x03 is the length of com





Also tagged with one or more of these keywords: security, networking, network, dns, programming, perl, tutorial