added dns.spoof.proxy and dns.spoof.proxy.srv.

[M0WA]

dns.spoof.proxy is boolean and switches on/off dns proxying.
dns.spoof.proxy.srv can either be set to 'system' (linux/mac only)
to use the system-dns for proxing or an ip.

this features proxies all dns requests seen to a given dns server
and fakes the responses if neccessary

[codecov-io]

Codecov Report

Merging #496 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #496   +/-   ##
=======================================
  Coverage   51.06%   51.06%           
=======================================
  Files           3        3           
  Lines          47       47           
=======================================
  Hits           24       24           
  Misses         23       23

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0810a1f...a1197f7. Read the comment docs.

[evilsocket]

this won't work on platforms that are not GNU/Linux i think ...

[M0WA]

It does not work very well on Linux either, because it just uses the first nameserver occurrance in a hardcoded filename and therefore the setting "system" on dns.spoof.proxy.srv is more a convenience feature for me. maybe a default of 8.8.8.8 might be better (instead of "system" as default).

[evilsocket]

why not just another parameter to let the user specify the default resolver?

[M0WA]

I think thats already possible, if i understand u correctly.
dns.spoof.proxy.srv can either be set to 'system' (linux/mac only) to use the system-dns for proxing or an ip.

[evilsocket]

i'm not sure about this PR: why not just using a combination of dns.spoof and packet.proxy ?

[M0WA]

@packet.proxy:
My final goal was to be able to control bettercaps behaviour on a per domain and per client level while behaving like a dns server. A distinction on a wildcard domain is not possible with iptables afaik. If it is, it is much more expensive than a pcap bpf filter.

i.e.
for client A google.com resolves to 1.1.1.1
for client A yahoo.com resolves to 1.1.1.2

for client B google.com resolves to / proxied request
for client B yahoo.com resolves to 1.1.1.3

for client C google.com resolves to / proxied request
for client C yahoo.com resolves to 1.1.1.3

In my setup I am currently running bettercap on the std-gateway that also does dns.
Sometimes I want to test stuff on a certain client while another should continue working "as normal",
even on domain level.

I could do some external setup with dnsmasq achieving the same functionality as above (actually I did),
but it is better to have it be controlled "in one place" also limiting the amount of logs i have to grep and many more reasons...

[mrbluecoat]

I agree, this would be very helpful for my use case as well.

@M0WA, can you share a gist with your dnsmasq solution?

[josh1631]

So Im really new to this my question is does this mean at the moment this program is stuck