/// <summary>
        /// Checks for DNS frames in this frame and spoofs the response if a response entry matches
        /// </summary>
        /// <param name="fInputFrame">The frame to handle</param>
        /// <returns>The modified frame</returns>
        protected override Frame ModifyTraffic(Frame fInputFrame)
        {
            // While paused, the frame is handed back without being inspected.
            if (bPause)
            {
                return fInputFrame;
            }

            IPFrame ipLayer = GetIPFrame(fInputFrame);
            UDPFrame udpLayer = GetUDPFrame(fInputFrame);
            DNSFrame dnsLayer = (DNSFrame)GetFrameByType(fInputFrame, FrameTypes.DNS);

            // Only frames that carry both an IP and a DNS layer are touched.
            if (dnsLayer == null || ipLayer == null)
            {
                return fInputFrame;
            }

            // QRFlag set means the DNS message is a response. Every record of all three
            // record sections goes to ProcessDNSRecord together with the packet's
            // destination address (for a response, presumably the host that asked;
            // what ProcessDNSRecord does with it is not visible here).
            if (dnsLayer.QRFlag)
            {
                foreach (DNSResourceRecord answerRecord in dnsLayer.GetAnswers())
                {
                    ProcessDNSRecord(answerRecord, ipLayer.DestinationAddress);
                }

                foreach (DNSResourceRecord authorityRecord in dnsLayer.GetAuthorotives())
                {
                    ProcessDNSRecord(authorityRecord, ipLayer.DestinationAddress);
                }

                foreach (DNSResourceRecord additionalRecord in dnsLayer.GetAdditionals())
                {
                    ProcessDNSRecord(additionalRecord, ipLayer.DestinationAddress);
                }
            }

            // The UDP checksum is blanked for every DNS frame, queries included, whether
            // or not a record was changed.
            // NOTE(review): whether a later stage recalculates the checksum is not visible
            // here. If it leaves as zero, that is legal for UDP over IPv4 (it means "not
            // computed") but not valid over IPv6, and an unexpected all-zero checksum on a
            // DNS reply is something a network monitor can alert on.
            if (udpLayer != null)
            {
                udpLayer.Checksum = new byte[2];
            }

            return fInputFrame;
        }
        /// <summary>
        /// Checks whether the input frame contains a DNS component.
        /// If it contains a DNS frame, the DNS frame will be parsed and logged
        /// </summary>
        /// <param name="fInputFrame">The frame to analyze</param>
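        protected override void HandleTraffic(Frame fInputFrame)
        {
            // Passive DNS logger. Everything read from dFrame below comes straight off the
            // wire and must be treated as untrusted input.
            UDPFrame fUDP    = GetUDPFrame(fInputFrame);
            IPFrame  ipFrame = GetIPFrame(fInputFrame);
            DNSFrame dFrame  = (DNSFrame)GetFrameByType(fInputFrame, FrameTypes.DNS);

            if (fUDP == null || ipFrame == null || dFrame == null)
            {
                return;
            }

            // Step 1: look for an open (not yet completed) log entry that belongs to this
            // message: same transaction ID, same question name, and one of the two IP
            // endpoints is the recorded querying host.
            bool bFound = false;
            foreach (DNSItem di in lLog)
            {
                foreach (DNSQuestion qs in dFrame.GetQuestions())
                {
                    if ((di.QueryingHost.Equals(ipFrame.SourceAddress) || di.QueryingHost.Equals(ipFrame.DestinationAddress)) && di.TransactionID == dFrame.Identifier && di.QueryName == qs.Query && !di.TransactionComplete)
                    {
                        bFound = true;
                        break;
                    }
                }

                if (bFound)
                {
                    break; // one match is enough; the flag is all that is used
                }
            }

            // Step 2: nothing open yet, so create one entry per question. For a response
            // (QRFlag set) the packet's destination is the host that asked, so the two
            // addresses are passed in swapped order.
            if (!bFound)
            {
                foreach (DNSQuestion qs in dFrame.GetQuestions())
                {
                    DNSItem dsItem;
                    if (dFrame.QRFlag)
                    {
                        dsItem = new DNSItem(qs.Query, ipFrame.DestinationAddress, ipFrame.SourceAddress, TimeSpan.Zero, dFrame.Identifier);
                    }
                    else
                    {
                        dsItem = new DNSItem(qs.Query, ipFrame.SourceAddress, ipFrame.DestinationAddress, TimeSpan.Zero, dFrame.Identifier);
                    }
                    AddLogItem(dsItem);
                }
            }

            // Step 3 only applies to responses.
            if (!dFrame.QRFlag)
            {
                return;
            }

            foreach (DNSItem dsItem in lLog)
            {
                // NOTE(review): a response is tied to an open entry by the 16-bit
                // transaction ID alone. Neither the querying host nor the server the query
                // was sent to is compared here, so an unrelated or forged response that
                // carries the same ID is logged as the answer. Consider also requiring
                // dsItem.QueryingHost.Equals(ipFrame.DestinationAddress).
                if (dFrame.Identifier != dsItem.TransactionID || dsItem.TransactionComplete)
                {
                    continue;
                }

                foreach (DNSResourceRecord rr in dFrame.GetAnswers())
                {
                    // CNAME for the queried name: follow it one level and collect the A
                    // records published under the alias target. The null check keeps a
                    // record without data from throwing in GetString.
                    // NOTE(review): assumes ResourceData of a CNAME already holds the target
                    // in the same textual form as DNSResourceRecord.Name - TODO confirm. Raw
                    // wire-format names (length-prefixed labels, compression pointers) would
                    // never compare equal.
                    if (rr.Type == DNSResourceType.CNAME && rr.Name == dsItem.QueryName && rr.ResourceData != null)
                    {
                        string strTMPName = ASCIIEncoding.ASCII.GetString(rr.ResourceData);
                        foreach (DNSResourceRecord rr2 in dFrame.GetAnswers())
                        {
                            if (rr2.Type == DNSResourceType.A && rr2.Name == strTMPName)
                            {
                                RecordAddressAnswer(dsItem, rr2, ipFrame);
                            }
                        }
                    }

                    // A record that answers the queried name directly.
                    if (rr.Type == DNSResourceType.A && rr.Name == dsItem.QueryName)
                    {
                        RecordAddressAnswer(dsItem, rr, ipFrame);
                    }
                }
            }
        }

        /// <summary>
        /// Stores the IPv4 address of an A record in the given log entry, marks the
        /// transaction as complete and raises the update notification.
        /// </summary>
        /// <param name="dsItem">The log entry the answer belongs to</param>
        /// <param name="rrAddress">The A record taken from the response</param>
        /// <param name="ipFrame">The IP frame of the response; its source is logged as the answering server</param>
        private void RecordAddressAnswer(DNSItem dsItem, DNSResourceRecord rrAddress, IPFrame ipFrame)
        {
            // The record data is attacker-controllable. An A record carries exactly four
            // octets: any other length makes the IPAddress constructor throw, except
            // sixteen, which would be logged as an IPv6 address. Such records are skipped
            // and the transaction stays open.
            if (rrAddress.ResourceData == null || rrAddress.ResourceData.Length != 4)
            {
                return;
            }

            IPAddress ipa = new IPAddress(rrAddress.ResourceData);
            if (!dsItem.ContainsAnswer(ipa))
            {
                dsItem.AddAnswer(ipa);
            }

            dsItem.ChacheTime          = new TimeSpan(0, 0, rrAddress.TTL);
            dsItem.AnsweringServer     = ipFrame.SourceAddress;
            dsItem.TransactionComplete = true;
            InvokeUpdated(dsItem);
        }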