Add fake records request counter to facilitate DNS rebinding attacks
The proposed changes add a fake records request counter in order to facilitate DNS rebinding attacks. They were instrumental to me while I was playing with a HackTheBox machine, so I thought this might help more people. That is why I'm opening this pull request.
I found on the Internet some examples of DNS rebinding attacks using DNSChef, but they were using nasty shell scripts to kill DNSChef after it responds to a fake DNS record. I thought it would be a much more elegant solution to do it in the proposed way.
What do the proposed changes actually do
The proposed changes have DNSChef decrement a counter every time it responds to a fake DNS request and then, when the counter hits "0" (zero), it gracefully exits. The idea behind this is that two DNSChef commands would be executed in a row, so that the response given by DNSChef would change after a given number of responses.
In the example below, I configured two DNSChef commands. In the first one, I configured DNSChef to respond to "5" (five) requests to a fake domain name with the IP address "172.16.1.1" and, in the second one, I configured no counters, so DNSChef will respond to a fake domain name with the IP address "192.168.1.1" until interrupted.


Thanks!
Thank you for developing the tool! I had fun playing with it and improving it. Feel free to modify my changes any way you see fit.
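
Added example, not part of the pull request or of DNSChef: seen from the resolver side, the behaviour described above (a name whose answer changes after a fixed number of responses) appears in query logs as an answer flip, which this sketch flags. The log tuple format, hostnames, client address and the 60-second window are assumptions.

```python
import ipaddress

# Constructed resolver log entries: (unix_time, client, qname, answer).
# The sequence mirrors the description above: five answers of 172.16.1.1,
# then 192.168.1.1. Hostnames, client and timestamps are made up.
SAMPLE_LOG = (
    [(1000 + i, "10.0.0.5", "rebind.example.test", "172.16.1.1") for i in range(5)]
    + [(1006, "10.0.0.5", "rebind.example.test", "192.168.1.1"),
       (1007, "10.0.0.5", "static.example.test", "203.0.113.10"),
       (1300, "10.0.0.5", "static.example.test", "203.0.113.10")]
)

def is_internal(ip):
    """True for private, loopback or link-local addresses."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local

def find_answer_flips(log, window=60):
    """Report each change of answer for a (client, name) pair that happens
    within `window` seconds of the previous answer."""
    last = {}      # (client, qname) -> (time, answer, consecutive count)
    findings = []
    for ts, client, qname, answer in sorted(log):
        key = (client, qname.lower().rstrip("."))
        prev = last.get(key)
        if prev is not None and prev[1] != answer:
            if ts - prev[0] <= window:
                findings.append({
                    "client": client, "qname": key[1],
                    "from": prev[1], "to": answer,
                    "answers_before_flip": prev[2],
                    "to_internal": is_internal(answer),
                })
            last[key] = (ts, answer, 1)
        else:
            count = prev[2] + 1 if prev else 1
            last[key] = (ts, answer, count)
    return findings

if __name__ == "__main__":
    for finding in find_answer_flips(SAMPLE_LOG):
        print(finding)
```

A flip whose new answer is an internal address, arriving seconds after a run of identical answers, is the pattern worth alerting on; resolvers that refuse private addresses in answers for external names remove the need to catch it after the fact.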