Adding case-insensitive regex #62
Conversation
During a test I had an issue with an DNS resolver of my target host malforming the DNS queries (uppercase/lowercase). Beause of this, the dnscat2 server was unable to establish a session. I fixed this issue by adding case-insensitive regex modifiers (/i).
|
Interesting! Was it making the domain uppercase or were you trying to use a domain with case? I noticed that OS X mangles case in its resolver, which is why I started using all lowercase (I originally used base64). It didn't occur to me to make the regexes case insensitive, that's a good idea! |
|
I captured the packets with tcpdump and noticed the DNS queries being a mix of upper and lower case characters. For example: Foo.ExamplE.net. It seems that this is a "security" technique to add entropy to requests by randomizing case in query names. |
|
Thanks for the info! In addition to merging your diff, I also called out the behaviour in the docs: Let me know (or send another pull request) if you want to be credited a different way :) |
|
Thank you! :) |
During a test I had an issue with an DNS resolver of my target host malforming the DNS queries (uppercase/lowercase). Beause of this, the dnscat2 server was unable to establish a session. I fixed this issue by adding case-insensitive regex modifiers (/i).