有以下代码片段:
#!/usr/bin/env python
from scapy.layers.inet import UDP, IP
from scapy.layers.dns import DNS, DNSQR
from scapy.sendrecv import sr1
dns_resp = sr1(IP(dst="8.8.8.8") / UDP(dport=53) /
DNS(rd=1, qd=DNSQR(qname="www.stackoverflow.com")))
print dns_resp.summary()
print dns_resp
我得到以下结果:
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
IP / UDP / DNS Ans "stackoverflow.com."
E��/
stackoverflowcom
���eE��eAE��e�E��e�E
我可以从 URL 中删除 www.,然后我将获得 IP,但我无法以编程方式从包中提取它(以代码形式)。
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
IP / UDP / DNS Ans "151.101.1.69"
stackoverflowcom
�eE
�eAE
�e�E
�e�E
我想将 www.stackoverflow.com 解析为其 IP 地址。无论输入如何,我该如何做到这一点? (无论是 www.stackoverflow.com 还是 stackoverflow.com)
我尝试在 scapy 的控制台中执行此操作,得到以下结果:
>> r=sr1(IP(dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname="www.stackoverflow.com")))
Begin emission:
.Finished to send 1 packets.
.*
Received 3 packets, got 1 answers, remaining 0 packets
>>> r
<IP version=4L ihl=5L tos=0x0 len=145 id=7835 flags= frag=0L ttl=47 proto=udp chksum=0x9a88 src=8.8.8.8 dst=192.168.1.129 options=[] |<UDP sport=domain dport=domain len=125 chksum=0x738c |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L ad=0L cd=0L rcode=ok qdcount=1 ancount=5 nscount=0 arcount=0 qd=<DNSQR qname='www.stackoverflow.com.' qtype=A qclass=IN |> an=<DNSRR rrname='www.stackoverflow.com.' type=CNAME rclass=IN ttl=2927 rdata='stackoverflow.com.' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=263 rdata='151.101.1.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=263 rdata='151.101.65.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=263 rdata='151.101.129.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=263 rdata='151.101.193.69' |>>>>> ns=None ar=None |>>>
我能否以某种方式通过 dns 响应类型过滤此信息(据我所知,A 类型响应在 scapy 中属于 1 类型)
最佳答案
print "--------------------"
print dns_resp.summary()
print "--------------------"
#print 'name:', dns_resp.payload.payload.name
print 'name:', dns_resp[DNS].name
#print repr(dns_resp.payload.payload)
print repr(dns_resp[DNS])
print "--------------------"
#print 'layers:', dns_resp.payload.payload.ancount
print 'layers:', dns_resp[DNS].ancount
print "--------------------"
for x in range(dns_resp[DNS].ancount):
print dns_resp[DNSRR][x].rdata
print "--------------------"
结果
--------------------
IP / UDP / DNS Ans "stackoverflow.com."
--------------------
name: DNS
<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L ad=0L cd=0L rcode=ok qdcount=1 ancount=5 nscount=0 arcount=0 qd=<DNSQR qname='www.stackoverflow.com.' qtype=A qclass=IN |> an=<DNSRR rrname='www.stackoverflow.com.' type=CNAME rclass=IN ttl=3379 rdata='stackoverflow.com.' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=79 rdata='151.101.1.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=79 rdata='151.101.65.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=79 rdata='151.101.129.69' |<DNSRR rrname='stackoverflow.com.' type=A rclass=IN ttl=79 rdata='151.101.193.69' |>>>>> ns=None ar=None |>
--------------------
layers: 5
--------------------
stackoverflow.com.
151.101.1.69
151.101.65.69
151.101.129.69
151.101.193.69
--------------------
https://itgeekchronicles.co.uk/2014/05/12/scapy-iterating-over-dns-responses/
关于python - 如何读取 scapy 的 DNS 响应来获取解析域的 IP 地址?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42052956/