[penetration test tool sharing] [dnslog server building guidance]

introduction

During the penetration test , Often used to dnslog The server , be used for dns Sniffing and OOB, There are many public dnslog Platform tools are available , There are mainly

http://www.dnslog.cn
http://ceye.io

nuclei Is an open source template based vulnerability scanning tool , about RCE Class vulnerability , nuclei Will use dnslog To test , among nuclei Default supported dnslog The server is :

oast.pro,
oast.live,
oast.site,
oast.online,
oast.fun,
oast.me

During the safety test , These are public dnslog The address may be blocked , Unable to execute normally dns Sniffing . therefore , You can build a dnslog The server . Here is an operation guide .

dnslog Service area construction guidance

Prerequisite :

1. Apply for your own domain name
2. Have your own cloud server （ Be careful : It is recommended to apply for overseas ECS , In the process of building, the author found that domestic servers were used , Building a website requires filing , The process is complicated ）
3. ECS needs to be directly bound to a public network ip（ Need to be able to be in the machine [ip a command ] It is found that the public network is bound IP Flexible network card of ）.

Project address

https://github.com/projectdiscovery/interactsh

interactsh What is the difference between client and server ？
The client can apply for the sub domain name of the server , In this case , Access to the subdomain name can be directed directly to the corresponding host .
The server is equivalent to a domain name server , You can find the address of the corresponding subdomain ,

Operation steps

1. Apply for a personal domain name
2. Apply for an overseas personal cloud server
3. Apply for an overseas elastic public network ip
4. Connect the elastic public network ip Bind to the network card
5. according to interactsh Installation guidance of the project , Deployment project , And start the process
6. Put the domain name and steps 3 The public ip binding
7. verification dnslog Usability .

summary :

The author has built dnslog The server , Encountered many pits in the process , Next, make a pit avoidance Guide :

1. Start using domestic servers , The result is bound to the domain name , It was not long before , The web page cannot be accessed , It can only be used after filing , The filing process is very troublesome .
2. When applying for ECS , Bring your own public network ip, But this public network ip It is not bound to the local network card , install interactsh There will be problems. , dnslog Not working properly , You need to bind another public network ip, To guarantee dnslog Normal use .
3. A ECS is bound to the new public network ip, Then the original public network ip There is no way to use , It will also lead to the risk that the host cannot be connected , In the process of exploration , There is no mature plan for the time being .
4. After construction dnslog After the server , Only use http agreement , There is no way to use https The server （ Failed to apply for certificate ）, This still needs to be explored .