private string IpReverseLookup(string ipAddress)
{
var reversePtr = string.Join(".", ipAddress.Split('.').Reverse()) + ".in-addr.arpa";
var objResolver = new TrustedResolver(reversePtr, _dictResolvers[_indexResolver].Api, "PTR");
var ptrValue = objResolver.DnsOverHttps();
if (ptrValue != "" && ptrValue != "NXDOMAIN")
{
return(ptrValue);
}
return("");
}
private void UpdateListView(Response response, string ipResolver)
{
// Get list of IP addresses returned by the untrusted resolver
var untrustedAddresses = response.AnswerRecords
.Where(r => r.Type == RecordType.A)
.Cast <IPAddressResourceRecord>()
.Select(r => r.IPAddress)
.ToList();
var domainReq = response.AnswerRecords[0].Name.ToString();
var info = "";
var type = "6";
var time = DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss");
var initial = "";
// If passive mode 'on' ignore DNS over HTTPS; just records DNS responses
if (cbPassive.Checked)
{
UpdateRow(time, ipResolver, domainReq, "", "", "", "Passive Mode", "0");
return;
}
initial = _dictResolvers[_indexResolver].Ini;
var objResolver = new TrustedResolver(domainReq, _dictResolvers[_indexResolver].Api, "A");
var trusted = objResolver.DnsOverHttps();
var untrusted = string.Join(",", untrustedAddresses);
if (trusted != "")
{
if (trusted == untrusted)
{
type = "5";
}
else
{
if (untrustedAddresses.Count == 1)
{
if (trusted.Split(',').Length > 1)
{
info = "IP addresses do not match";
type = "6";
}
else if (IsPrivate(untrusted) && trusted != "NXDOMAIN")
{
type = "1";
info = "Public domain gets a private IP (possible DNS Spoof)";
}
else if (IsPrivate(untrusted))
{
type = "4";
info = "Local resource";
}
else if (trusted == "NXDOMAIN")
{
type = "8";
info = "Non-existent domain gets a public IP (possible DNS Spoof)";
}
else // At this point trusted and untrusted are public IP addresses
{
var rangeC = IPAddressRange.Parse(trusted + "/255.255.255.0");
var rangeB = IPAddressRange.Parse(trusted + "/255.255.0.0");
if (rangeC.Contains(IPAddress.Parse(untrusted)))
{
info = "Same /24 Domain: " + rangeC;
type = "3";
}
else if (rangeB.Contains(IPAddress.Parse(untrusted)))
{
info = "Same /16 Domain: " + rangeB;
type = "2";
}
else
{
var ptrUntrust = IpReverseLookup(untrusted);
var ptrTrust = IpReverseLookup(trusted);
if (CompareSubdomain(ptrUntrust, ptrTrust))
{
info = $"Second-level domain in common: {ptrUntrust} / {ptrTrust}";
type = "7";
}
else
{
if (CompareSubdomain(ptrUntrust, domainReq))
{
info = "Second-level domain in common: " + ptrUntrust;
type = "J";
}
else
{
if (cbWhois.Checked)
{
IPAddress address;
if (IPAddress.TryParse(untrusted, out address))
{
var ipInfo = new IpInfo();
info = WhoisIP(untrusted);
}
}
}
}
}
}
}
else if (untrustedAddresses.Count > 1 && trusted != "NXDOMAIN")
{
var trustedAddrSep = trusted.Split(',')
.Select(IPAddress.Parse)
.ToList();
if (trusted.Split(',').Length == untrustedAddresses.Count &&
untrustedAddresses.All(trustedAddrSep.Contains))
{
type = "5";
}
else
{
info = "IP addresses do not match";
}
}
}
}
UpdateRow(time, ipResolver, domainReq, untrusted, trusted, initial, info, type);
}
