linux poison RSS
linux poison Email

DNS protocol monitoring and spoofing program

Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet filtering.

Zodiac has been developed and tested on the Linux 2.2.x platform. It should work on all platforms that do have POSIX Threads, the terminal library ncurses and the libpcap packet capture library installed. To run zodiac you need root access for obvious reasons

  • sniffing on all kinds of configured devices (Ethernet, PPP, …)
  • capturing and decoding nearly all types of DNS packets, including packet decompression
  • ncurses driven text based frontend with interactive commandline and multiple windows
  • threaded design allow more flexibility when adding your own features
  • clean code, commented and tested just fine, ready for you to extend
  • internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on a large set of DNS packet construction primitives
  • DNS name server versioning using BIND version requests
  • DNS local spoofing, answering DNS queries on your LAN before the remote NS
  • DNS jizz spoofing, exploiting a weakness within old BIND versions
  • DNS ID spoofing, exploiting a weakness within the DNS protocol itself
Download: zodiac-0.4.9.tar.gz


Post a Comment

Related Posts with Thumbnails