Pcap_DNSProxy: a small tool that ignores DNS poisoning

2014-06-23 20:46:53 +08:00
 chengr28
https://github.com/chengr28/pcap_dnsproxy

It's my own small project (?), written in C/C++ (really C with some C++ syntax underneath)
I saw a tool the SS author posted earlier and got drawn over here...
I hear it's simpler to write in Python, and most local DNS proxies are written in Python, but unfortunately I don't know it at all
I was startled to see so many tools suddenly popping up these past few days =3=

Back to the topic
This tool uses Pcap to capture packets, so it can see the IP header, UDP and all that; filtering is actually not hard
Hosts entries with regular-expression support
It also supports TCP queries of course, but a few fixed domain names get connection resets over TCP, and considering resource usage UDP is naturally the first choice
Domain names can also be redirected to DNS servers inside the country to improve speed, but the rule lists I've seen are too long to look at... so I'm not bundling them
Support for the DNSCrypt protocol starts in v0.4
There are Windows/Linux/Mac versions, though the Linux/Mac ones may be updated more slowly
43599 views
Node: Programmers
54 replies
chengr28
2014-06-24 16:35:23 +08:00
@streamgo Thanks for reporting the bug, it has been fixed. As for 127.0.0.1, that must be set: this step sends the system's resolution to the port the program listens on; if you don't set it, it's as if Pcap_DNSProxy were not installed at all...

By the way, props to @xinhugo, senior customer service manager =w=
streamgo
2014-06-24 18:32:04 +08:00
@xinhugo
@chengr28 Many thanks. Thanks for the advice!
LazyZhu
2014-06-24 19:14:40 +08:00
@chengr28 This NULL is nice
a1328788808
2014-06-25 19:16:04 +08:00
@chengr28 With the primary DNS set to 127.0.0.1, does the secondary DNS still need anything?
chengr28
2014-06-26 09:52:11 +08:00
@a1328788808 Usually it isn't needed, though in practice putting something else there doesn't seem to matter either; I don't know what switching algorithm Windows uses... I haven't filled it in myself
qjhqxnne
2014-06-26 21:10:51 +08:00
Is there an Android version?
chengr28
2014-06-27 17:51:16 +08:00
Shared
2014-07-07 21:17:09 +08:00
@chengr28 On OS X 10.9.4, after finishing the setup I get this result

; <<>> DiG 9.8.3-P1 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

Is this normal? No log is generated..
chengr28
2014-08-20 01:57:25 +08:00
@Shared Sorry for only replying now... I don't come here very often

This really is hard to judge... it seems every timeout where no result can be obtained looks like this
Let's do this... first check whether Pcap_DNSProxy is actually running
Type sudo launchctl list in a terminal and see whether PcapDNSProxyService is in the list
If it isn't, it may have crashed or the deployment failed; check whether there's something like an Error.log in the program directory
If it is running, then try editing Hosts.conf and adding an arbitrary entry such as 203.208.46.200 www\.google\.com, save it, wait a moment, then dig www.google.com and see whether you get a result (remember to delete it after the experiment w)
If you do, then the failures are probably because the GFW has been interfering heavily with overseas DNS servers lately, and there seems to be no fix for that... it may only ease once the new features are enabled after upgrading to v0.4 (see the Windows build of v0.4 Beta)
If there's no result then it's probably a problem with the program...
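The regex Hosts entry the author suggests above, as an added Python example that is not Pcap_DNSProxy's own code: it parses entries in the "address regex" form of Hosts.conf and resolves a queried name against them. Assumptions not taken from the project: the pattern must match the whole name case-insensitively, several addresses may be joined with "|", and the first matching entry wins.

```python
import re

# Constructed Hosts.conf excerpt: the author's test entry plus two made-up lines.
SAMPLE_HOSTS = r"""
# comments start with '#'
203.208.46.200 www\.google\.com
203.208.46.200|203.208.46.201 .*\.google\.com
2001:db8::1 ipv6\.example\.test
"""

def parse_hosts(text):
    """Return a list of (compiled_regex, [addresses]) in file order.
    Assumption (not from the project's code): one entry per line, the address
    field first, several addresses joined with '|', the rest is the regex."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:                   # malformed line: no pattern
            continue
        addrs, pattern = parts
        entries.append((re.compile(pattern, re.IGNORECASE), addrs.split("|")))
    return entries

def lookup(entries, name):
    """First matching entry wins; the pattern must cover the whole name and a
    trailing dot on the query is ignored. None means no local answer, so the
    query would go on to the upstream DNS servers instead."""
    name = name.rstrip(".")
    for regex, addrs in entries:
        if regex.fullmatch(name):
            return addrs
    return None

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for q in ("www.google.com.", "Mail.Google.COM", "google.com"):
        print(q, "->", lookup(hosts, q))
```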
Shared
2014-08-20 12:06:46 +08:00
@chengr28 Thanks, I'll try it tonight when I get home
huangyedoushi
2015-04-09 14:41:06 +08:00
[SC] ControlService 失败 1062:

服务尚未启动。

[SC] DeleteService 成功
[SC] CreateService 成功
操作成功完成。
操作成功完成。
'Pcap_DNSProxy_x86.exe' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
[SC] ChangeServiceConfig2 成功
[SC] ChangeServiceConfig2 成功
[SC] StartService 失败 2:

系统找不到指定的文件。


Windows IP 配置

已成功刷新 DNS 解析缓存。

Service start failed, please check the configurations.

请按任意键继续. . .


WinPcap is installed
How do I fix this?
chengr28
2015-04-20 22:16:29 +08:00
@huangyedoushi Did you download the ZIP from the Release branch?
hcql
2015-06-01 10:12:48 +08:00
Stopped working after upgrading.. whitelisted domains resolve, non-whitelisted ones all time out..
服务器: pcap-dnsproxy.localhost.server
Address: ::1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** 请求 pcap-dnsproxy.localhost.server 超时
chengr28
2015-06-01 13:35:19 +08:00
@hcql Could you provide the configuration file?
hcql
2015-06-01 16:54:16 +08:00
@chengr28


[Base]
Version = 0.4
File Refresh Time = 10
Additional Path =
Hosts File Name = Hosts.ini|Hosts.conf|Hosts|Hosts.txt|Hosts.csv|WhiteList.txt|White_List.txt
IPFilter File Name = IPFilter.ini|IPFilter.conf|IPFilter.dat|IPFilter.csv|IPFilter|Guarding.p2p|Guarding|Routing.txt|chnrouting.txt|chnroute.txt

[Log]
Print Error = 1
Log Maximum Size = 8MB

[DNS]
Protocol = TCP
Hosts Only = 0
Local Main = 0
Local Hosts = 1
Local Routing = 0
Cache Type = Queue
Cache Parameter = 256
Default TTL = 900

[Listen]
Pcap Capture = 1
Pcap Reading Timeout = 200
Operation Mode = Private
Listen Protocol = IPv6 + TCP + UDP
Listen Port = 53
IPFilter Type = Deny
IPFilter Level <
Accept Type =

[Addresses]
IPv4 Listen Address =
IPv4 EDNS Client Subnet Address =
IPv4 DNS Address = 208.67.220.220:443
IPv4 Alternate DNS Address = 8.8.8.8:53|208.67.220.220:443|208.67.222.222:5353
IPv4 Local DNS Address = 202.101.172.47:53
IPv4 Local Alternate DNS Address = 223.6.6.6:53
IPv6 Listen Address =
IPv6 EDNS Client Subnet Address =
IPv6 DNS Address = [2001:470:20::2]:53
## IPv6 DNS Address = [2001:4860:4860::8844]:53
IPv6 Alternate DNS Address =
## IPv6 Alternate DNS Address = [2001:4860:4860::8888]:53
IPv6 Local DNS Address =
IPv6 Local Alternate DNS Address =

[Values]
EDNS Payload Size =
IPv4 TTL = 0
IPv6 Hop Limits = 0
IPv4 Alternate TTL = 0
IPv6 Alternate Hop Limits = 0
Hop Limits Fluctuation = 2
Reliable Socket Timeout = 5000
Unreliable Socket Timeout = 3000
Receive Waiting = 0
ICMP Test = 900
Domain Test = 900
Alternate Times = 10
Alternate Time Range = 60
Alternate Reset Time = 300
Multi Request Times = 0

[Switches]
Domain Case Conversion = 1
Compression Pointer Mutation = 0
EDNS Label = 0
EDNS Client Subnet = 0
DNSSEC Request = 0
DNSSEC Validation = 0
DNSSEC Force Validation = 0
Alternate Multi Request = 0
IPv4 Data Filter = 0
TCP Data Filter = 1
DNS Data Filter = 1
Blacklist Filter = 1

[Data]
ICMP ID =
ICMP Sequence =
ICMP PaddingData =
Domain Test ID =
Domain Test Data =
Localhost Server Name =

[DNSCurve]
DNSCurve = 0
DNSCurve Protocol = UDP
DNSCurve Payload Size =
Encryption = 1
Encryption Only = 0
Key Recheck Time = 3600

[DNSCurve Addresses]
DNSCurve IPv4 DNS Address = 208.67.220.220:443
DNSCurve IPv4 Alternate DNS Address = 208.67.222.222:443
DNSCurve IPv6 DNS Address =
## DNSCurve IPv6 DNS Address = [2620:0:CCC::2]:443
DNSCurve IPv6 Alternate DNS Address =
## DNSCurve IPv6 Alternate DNS Address = [2620:0:CCD::2]:443
DNSCurve IPv4 Provider Name = 2.dnscrypt-cert.opendns.com
DNSCurve IPv4 Alternate Provider Name = 2.dnscrypt-cert.opendns.com
DNSCurve IPv6 Provider Name =
## DNSCurve IPv6 Provider Name = 2.dnscrypt-cert.opendns.com
DNSCurve IPv6 Alternate Provider Name =
## DNSCurve IPv6 Alternate Provider Name = 2.dnscrypt-cert.opendns.com

[DNSCurve Keys]
Client Public Key =
Client Secret Key =
IPv4 DNS Public Key = B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
IPv4 Alternate DNS Public Key = B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
IPv6 DNS Public Key =
## IPv6 DNS Public Key = B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
IPv6 Alternate DNS Public Key =
## IPv6 Alternate DNS Public Key = B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
IPv4 DNS Fingerprint =
## IPv4 DNS Fingerprint = 227C:86C7:7574:81AB:6AE2:402B:4627:6E18:CFBB:60FA:DF92:652F:D694:01E8:EBF2:B007
IPv4 Alternate DNS Fingerprint =
## IPv4 Alternate DNS Fingerprint = 227C:86C7:7574:81AB:6AE2:402B:4627:6E18:CFBB:60FA:DF92:652F:D694:01E8:EBF2:B007
IPv6 DNS Fingerprint =
## IPv6 DNS Fingerprint = 227C:86C7:7574:81AB:6AE2:402B:4627:6E18:CFBB:60FA:DF92:652F:D694:01E8:EBF2:B007
IPv6 Alternate DNS Fingerprint =
## IPv6 Alternate DNS Fingerprint = 227C:86C7:7574:81AB:6AE2:402B:4627:6E18:CFBB:60FA:DF92:652F:D694:01E8:EBF2:B007

[DNSCurve Magic Number]
IPv4 Receive Magic Number =
IPv4 Alternate Receive Magic Number =
IPv6 Receive Magic Number =
IPv6 Alternate Receive Magic Number =
IPv4 DNS Magic Number =
## IPv4 DNS Magic Number = qe47QHHw
IPv4 Alternate DNS Magic Number =
## IPv4 Alternate DNS Magic Number = qe47QHHw
IPv6 DNS Magic Number =
## IPv6 DNS Magic Number = qe47QHHw
IPv6 Alternate DNS Magic Number =
## IPv6 Alternate DNS Magic Number = qe47QHHw
chengr28
2015-06-01 23:21:55 +08:00
@hcql It seems to be this line: IPv6 DNS Address = [2001:470:20::2]:53
About IPv6: if it goes over a tunnel, packet capture can't see it; and if the system has no IPv6 gateway usable for routing to public addresses, or the gateway is down, then filling in an IPv6 address makes the program send to IPv6 and wait forever without ever making the IPv4 request, so it just keeps timing out...
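The failure mode described above, as an added Python example that is not Pcap_DNSProxy's own code: it parses the [Addresses] section in the format hcql posted ("##" comment lines, "|"-separated alternates, "[addr]:port" for IPv6) and checks, without sending any packet, whether this host has a route to each upstream. The route check uses the fact that connect() on a UDP socket only performs a route lookup; a configured IPv6 upstream with no route is the case where queries would hang. The key filtering and the sample excerpt are the author's (my) assumptions.

```python
import configparser
import socket

# Constructed excerpt of the [Addresses] section posted in the thread.
SAMPLE_CONFIG = """
[Addresses]
IPv4 DNS Address = 208.67.220.220:443
IPv4 Alternate DNS Address = 8.8.8.8:53|208.67.220.220:443|208.67.222.222:5353
IPv6 DNS Address = [2001:470:20::2]:53
## IPv6 DNS Address = [2001:4860:4860::8844]:53
IPv6 Alternate DNS Address =
"""

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": getattr(socket, "AF_INET6", None)}

def parse_endpoint(item):
    """'[addr]:port' is IPv6, 'addr:port' is IPv4 -> (family_name, addr, port)."""
    if item.startswith("["):
        addr, port = item[1:].split("]:", 1)
        return "IPv6", addr, int(port)
    addr, port = item.rsplit(":", 1)
    return "IPv4", addr, int(port)

def upstreams(text):
    """Return (key, family_name, addr, port) for every configured upstream.
    '##' lines are comments, '|' separates alternates, an empty value is unset."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    found = []
    for key, value in cp["Addresses"].items():   # configparser lowercases keys
        if "dns address" not in key or not value.strip():
            continue
        for item in value.split("|"):
            fam, addr, port = parse_endpoint(item.strip())
            found.append((key, fam, addr, port))
    return found

def has_route(family_name, addr, port):
    """UDP connect() only does a route lookup and sends nothing. An OSError
    (ENETUNREACH/EHOSTUNREACH) is the 'no usable IPv6 gateway' situation in
    which the proxy would wait on IPv6 and never fall back to IPv4."""
    family = FAMILIES[family_name]
    if family is None:                  # this host has no IPv6 support at all
        return False
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((addr, port))
        return True
    except OSError:
        return False

def check_config(text):
    """(key, addr, routable) for each upstream; False means queries would hang."""
    return [(k, a, has_route(f, a, p)) for k, f, a, p in upstreams(text)]
```

Run check_config(open("Config.ini").read()) against the real file before enabling an IPv6 upstream; any entry reported as not routable is the one to comment out with "##".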
hcql
2015-06-02 11:57:52 +08:00
@chengr28 The version from before this month's upgrade worked fine for me; after upgrading it stopped working.

I had enabled IPv6 DNS preferred resolution, to reach Google and the like without having to bypass the firewall.
But with 2001:470:20::2 as the DNS, domestic sites like Taobao resolve to US addresses. Using your software felt great. Now I can't use it anymore, sob sob~~
chengr28
2015-06-02 21:20:38 +08:00
@hcql What version was the earlier one... Versions before the 0.4 release had a problem choosing the egress, meaning that sometimes even with an IPv6 address filled in, the resolution actually went over IPv4... If you're not sure, you can capture packets and see how it's actually being sent
chengr28
2015-06-02 21:42:27 +08:00
Or alternatively... you can find my contact e-mail on my GitHub page
That way we can look at the problem more specifically
muziling
2016-01-29 11:27:44 +08:00
Does this include the chinadns functionality? If a domain isn't in the domestic list, will CDN acceleration be lost?

https://www.v2ex.com/t/119128