Demon-tk/Web-Application-Security-Blog

CNAME Cloaking repo for Nate Mendes's CSEC-380 Blog

What it does

Detects CNAME cloaking in recorded browsing sessions.

Methodology:

  1. Read recorded pcap file
  2. Parse the pcap files for DNS requests that may show possible CNAME cloaking
  3. Download and parse (regex style) an updated AdGuard filter list
  4. Filter out tracking domains that are not hiding
  5. Locate domain(s) that use CNAME Cloaking
  6. Pretty print the results
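
Steps 3 to 5 of the methodology, sketched as an added example; it is not the repository's main.py. The filter-list excerpt and DNS records are constructed, pcap parsing is left out, and every function name here is hypothetical.

```python
import re

# Constructed AdGuard-syntax excerpt; the real list is downloaded, not embedded.
FILTER_LIST = """\
||omtrdc.net^
||tracker.example^$third-party
@@||cdn.example^
example.org##.ad-banner
"""
# Constructed (owner name, CNAME target) records, as read from DNS answers.
CNAME_ANSWERS = [
    ("smetrics.redhat.com.", "redhat.com.ssl.sc.omtrdc.net."),
    ("smetrics.redhat.com.", "redhat.com.ssl.sc.omtrdc.net."),  # repeated lookup
    ("www.redhat.com.", "www.redhat.com.edgekey.example."),  # third party, unlisted
    ("stats.omtrdc.net.", "edge.omtrdc.net."),  # tracker that is not hiding
    ("metrics.shop.example.", "alias.shop.example."),  # two-hop chain ...
    ("alias.shop.example.", "collect.tracker.example."),  # ... ending at a tracker
]
RULE_RE = re.compile(r"^\|\|([a-z0-9.-]+)\^")  # plain ||domain^ blocking rules

def parse_filter_list(text):
    """Return domains named by blocking rules; skip exception and cosmetic rules."""
    return {m.group(1) for ln in text.splitlines() if (m := RULE_RE.match(ln.strip()))}

def norm(name):
    return name.rstrip(".").lower()  # drop the root dot, compare case-insensitively

def is_listed(name, blocked):
    """True if the name or any of its parent domains is on the blocklist."""
    labels = norm(name).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def site(name):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(norm(name).split(".")[-2:])

def find_cloaking(answers, blocked):
    """Return deduplicated (original, resolved, True) rows for cloaked subdomains."""
    cname = {norm(q): norm(t) for q, t in answers}  # dict keys drop repeat lookups
    rows = []
    for start in cname:
        if start in cname.values() or is_listed(start, blocked):
            continue  # mid-chain alias, or an overt tracker that is not hiding
        target = start
        for _ in range(len(cname)):  # bounded walk guards against CNAME loops
            target = cname.get(target, target)
        if site(target) != site(start) and is_listed(target, blocked):
            rows.append((start, target, True))
    return rows
```

Keying the CNAME map by the normalized owner name collapses repeated lookups, so each cloaked subdomain is reported once.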

Configuration

Install the dependencies listed in requirements.txt.

Place your pcap file in the main directory as my_pcap2.pcap, or use the default pcap file.

Run main.py in a terminal with no arguments.

Results

| Original Subdomain | DNS resolved Domain | Cloaking |
| --- | --- | --- |
| <DNS_SCHEME>.URL | <DNS_SCHEME>.URL | Boolean |

Example Output

| Original Subdomain | DNS resolved Domain | Cloaking |
| --- | --- | --- |
| smetrics.redhat.com. | redhat.com.ssl.sc.omtrdc.net | True |
| smetrics.redhat.com. | redhat.com.ssl.sc.omtrdc.net | True |

Example Video

Video demonstrating script usage

Issues

  1. Duplicate CNAME Cloaking domains will appear

License

Code is not authorized for use by any third parties unless explicit permission is given by the author.
