Removed some very dumb code and added new functionality, along with a…

…n updated README
mandatoryprogrammer · Feb 26, 2017 · c572fe3 · c572fe3
1 parent a9669e4
commit c572fe3
Show file tree

Hide file tree

Showing 3 changed files with 122 additions and 45 deletions.
diff --git a/README.md b/README.md
@@ -183,4 +183,65 @@ Another example is the following:
 }
 ```
 
-The above rule matches any `MX` query from `127.0.0.1`. The DNS response's answer is overwritten with a single MX record for `hacktheplace.localhost`. A real world implementation of this would be to redirect inbound emails from a specific IP in order to read private emails of your target. Additionally an attacker in a real world scenario may also choose to modify the response TTL to be a very high value in order to persist their malicious records in client DNS caches as long as possible.
+The above rule matches any `MX` query from `127.0.0.1`. The DNS response answer is overwritten with a single MX record for `hacktheplace.localhost`. A real world implementation of this would be to redirect inbound emails from a specific IP in order to read private emails of your target. Additionally an attacker in a real world scenario may also choose to modify the response TTL to be a very high value in order to persist their malicious records in client DNS caches as long as possible.
+
+# Rule Match Types
+
+## Requester IP
+The following rule will match on a client's IP address:
+
+```json
+{
+  "name": "Make all responses requested from localhost (127.0.0.1) NOERROR.",
+  "ip_range_matches": [ "127.0.0.1/32" ],
+  "modifications": [
+    {
+      "header": {
+        "rcode": 0
+      }
+    }
+  ]
+}
+```
+
+The `ip_range_matches` field is set to an array of IP ranges which specify the target ranges to apply the response modification to. Omission of this field is equivalent to a wildcard and will match all client IP addresses.
+
+## Request Query Type
+The following rule will match on a query type of `MX` and `CNAME` and apply a response modification accordingly:
+
+```json
+{
+  "name": "Make all responses NOERROR even if they've failed.",
+  "query_type_matches": [ "MX", "CNAME" ],
+  "modifications": [
+    {
+      "header": {
+        "rcode": 0
+      }
+    }
+  ]
+}
+```
+
+The `query_type_matches` field is set to an array of query types to match against. Omission of this field is equivalent to a wildcard and will match all query types.
+
+## Response Status Code
+
+The following rule with match on a response code of `NXDOMAIN` and will apply a response modification accordingly:
+
+```json
+{
+  "name": "Make all responses requested from localhost (127.0.0.1) NOERROR.",
+  "response_code_matches": [ "NXDOMAIN" ],
+  "modifications": [
+    {
+      "header": {
+        "rcode": 0
+      }
+    }
+  ]
+}
+```
+
+The `response_code_matches` field is set to an array of response codes to match against. Omission of this field is equivalent to a wildcard and will match all RCODE types.
+
diff --git a/config.json b/config.json
@@ -33,6 +33,26 @@
                     }
                 }
             ]
+        },
+        {
+            "name": "Make all NXDOMAIN responses return an A record with NOERROR.",
+            "response_code_matches": [ "NXDOMAIN" ],
+            "modifications": [
+                {
+                    "header": {
+                        "rcode": 0
+                    },
+                    "answer": [
+                        {
+                            "name": "apple.com",
+                            "type": 1,
+                            "class": 1,
+                            "ttl": 10,
+                            "address": "1.3.3.7"
+                        }
+                    ]
+                }
+            ]
         }
     ]
 }
diff --git a/judasdns.js b/judasdns.js
@@ -51,6 +51,28 @@ var RRCODE_TO_QUERY_NAME_MAP = {
     256: "URI"
 }
 
+var RCODE_TO_RESPONSE_CODE_NAME_MAP = {
+    0: "NOERROR",
+    1: "FORMERR",
+    2: "SERVFAIL",
+    3: "NXDOMAIN",
+    4: "NOTIMP",
+    5: "REFUSED",
+    6: "YXDOMAIN",
+    7: "YXRRSET",
+    8: "NXRRSET",
+    9: "NOTAUTH",
+    10: "NOTZONE",
+    16: "BADSIG",
+    17: "BADKEY",
+    18: "BADTIME",
+    19: "BADMODE",
+    20: "BADNAME",
+    21: "BADALG",
+    22: "BADTRUNC",
+    23: "BADCOOKIE"
+}
+
 /*
  * Get random element from target array
  */
@@ -132,50 +154,7 @@ function dns_request( request_data ) {
         });
 
         req.on( "message", function ( err, answer ) {
-            if( err ) {
-                reject({
-                    "error": "UNKNOWN",
-                    "raw_error": err,
-                    "request": request_data,
-                });
-            } else {
-                var reject_object = {
-                    "error": "UNKNOWN",
-                    "request": request_data,
-                }
-                if( answer.header.rcode === 0 ) {
-                    resolve( answer );
-                } else if( answer.header.rcode === 1 ) {
-                    reject_object.error = "FORMERROR";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 2 ) {
-                    reject_object.error = "SERVFAIL";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 3 ) {
-                    reject_object.error = "NXDOMAIN";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 4 ) {
-                    reject_object.error = "NOTIMP";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 5 ) {
-                    reject_object.error = "REFUSED";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 6 ) {
-                    reject_object.error = "YXDOMAIN";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 7 ) {
-                    reject_object.error = "XRRSET";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 8 ) {
-                    reject_object.error = "NOTAUTH";
-                    reject( reject_object );
-                } else if( answer.header.rcode === 9 ) {
-                    reject_object.error = "NOTZONE";
-                    reject( reject_object );
-                } else {
-                    reject( reject_object );
-                }
-            }
+            resolve( answer );
         });
 
         req.send();
@@ -206,6 +185,16 @@ function rule_matches( request, response, modification_rule ) {
         return false;
     }
 
+    function response_code_matches() {
+        if( "response_code_matches" in modification_rule ) {
+           return ( rcode_to_responsename( response.header.rcode === modification_rule.response_code_matches ) ||
+                   contains( "*", modification_rule.response_code_matches ) );
+        } else {
+            return true;
+        }
+        return false;
+    }
+
     return Boolean( query_type_matches() && ip_range_matches() );
 }
 
@@ -250,6 +239,13 @@ function rrcode_to_queryname( rrcode ) {
     return "UKNOWN";
 }
 
+function rcode_to_responsename( rcode ) {
+    if( rrcode in RCODE_TO_RESPONSE_CODE_NAME_MAP ) {
+        return RCODE_TO_RESPONSE_CODE_NAME_MAP[ rcode ];
+    }
+    return "UKNOWN";
+}
+
 function queryname_to_rrcode( queryname ) {
     queryname = queryname.toUpperCase();
     for ( var key in RRCODE_TO_QUERY_NAME_MAP ) {