From 002fcae1833968cc64896b6bb75a8691cb25d717 Mon Sep 17 00:00:00 2001 From: Ivan Jedek Date: Mon, 15 Jul 2024 14:57:40 +0400 Subject: [PATCH] New features and updates --- changelog | 7 ++ docs/catalogue/record-injections.md | 84 ++++++++++----------- docs/catalogue/response-modifiers.md | 107 ++++++++++++++++++++++++--- modules/inj01.toml | 8 +- modules/inj02.toml | 8 +- modules/inj03.toml | 8 +- modules/inj04.toml | 8 +- modules/inj05.toml | 8 +- modules/inj06.toml | 8 +- modules/inj07.toml | 8 +- modules/inj08.toml | 8 +- modules/inj09.toml | 8 +- modules/inj10.toml | 8 +- modules/inj11.toml | 8 +- modules/inj12.toml | 8 +- modules/inj13.toml | 8 +- modules/inj14.toml | 8 +- polardns.py | 95 +++++++++++++----------- test/test.sh | 85 ++++++++++++++------- 19 files changed, 310 insertions(+), 180 deletions(-) diff --git a/changelog b/changelog index cf311ff..f13bda5 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,10 @@ +15/Jul/2024 +- added the `add` modifier for appending arbitrary bytes to the end of the packet +- added the `rl` modifier for recalculating the length in TCP in case `cut` or `add` modifiers were used during a request +- updated the catalogue documentation +- added tests (total test count: 746) +- various minor optimizations + 12/Jul/2024 - added the `ptralias`, `ptrloop1` and `ptrloop2` features responding with PTR records - updated the catalogue documentation diff --git a/docs/catalogue/record-injections.md b/docs/catalogue/record-injections.md index 11fd077..51899ad 100644 --- a/docs/catalogue/record-injections.md +++ b/docs/catalogue/record-injections.md @@ -28,9 +28,9 @@ These injection scenarios typically provide a legitimate answer as the response, Respond with legit CNAME (end.yourdomain.com) + injected A record (inj1poc.yourdomain.com -> 6.6.6.6). - - - + + +
format:inj01.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj1poc.yourdomain.com
remark:addq (optional) - will add additional question for inj1poc.yourdomain.com in the response
format:inj01.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj1poc.yourdomain.com
remark:adq (optional) - will add additional question for inj1poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj01.yourdomain.com @127.0.0.1
@@ -61,9 +61,9 @@ injected01.yourdomain.com. 60 IN A 6.6.6.1 Respond with injected A record (inj2poc.yourdomain.com -> 6.6.6.6) + legit CNAME (end.yourdomain.com). - - - + + +
format:inj02.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj2poc.yourdomain.com
remark:addq (optional) - will add additional question for inj2poc.yourdomain.com in the response
format:inj02.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj2poc.yourdomain.com
remark:adq (optional) - will add additional question for inj2poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj02.yourdomain.com @127.0.0.1
@@ -94,9 +94,9 @@ inj02.yourdomain.com. 60 IN CNAME end.yourdomain.com. Respond with legit A record (1.2.3.4) + injected A record (inj3poc.yourdomain.com -> 6.6.6.6). - - - + + +
format:inj03.[replq].[addq].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj3poc.yourdomain.com
remark:addq (optional) - will add additional question for inj3poc.yourdomain.com in the response
format:inj03.[rpq].[adq].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj3poc.yourdomain.com
remark:adq (optional) - will add additional question for inj3poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj03.yourdomain.com @127.0.0.1
@@ -127,9 +127,9 @@ injected03.yourdomain.com. 60 IN A 6.6.6.3 Respond with injected A record (inj4poc.yourdomain.com -> 6.6.6.6) + legit A record (1.2.3.4). - - - + + +
format:inj04.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj4poc.yourdomain.com
remark:addq (optional) - will add additional question for inj4poc.yourdomain.com in the response
format:inj04.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj4poc.yourdomain.com
remark:adq (optional) - will add additional question for inj4poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj04.yourdomain.com @127.0.0.1
@@ -160,9 +160,9 @@ inj04.yourdomain.com. 60 IN A 1.2.3.4 Respond with CNAME (inj05poc.yourdomain.com) in all sections + inject also A record of it (inj05poc.yourdomain.com -> 6.6.6.6) in all sections. - - - + + +
format:inj05.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj05poc.yourdomain.com
remark:addq (optional) - will add additional question for inj05poc.yourdomain.com in the response
format:inj05.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj05poc.yourdomain.com
remark:adq (optional) - will add additional question for inj05poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj05.yourdomain.com @127.0.0.1
@@ -201,9 +201,9 @@ injected05.yourdomain.com. 60 IN A 6.6.6.5 Respond with CNAME (inj06poc.yourdomain.com) in all sections + inject also AAAA record of it (inj06poc.yourdomain.com -> 6666:6666:6666:6666:6666:6666:6666:6666) in all sections. - - - + + +
format:inj06.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj06poc.yourdomain.com
remark:addq (optional) - will add additional question for inj06poc.yourdomain.com in the response
format:inj06.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj06poc.yourdomain.com
remark:adq (optional) - will add additional question for inj06poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj06.yourdomain.com @127.0.0.1
@@ -242,9 +242,9 @@ injected06.yourdomain.com. 60 IN AAAA 6666:6666:6666:6666:6666:6666:6666:6666 Respond only with injected A record (inj07poc.yourdomain.com -> 6.6.6.6). - - - + + +
format:inj07.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj07poc.yourdomain.com
remark:addq (optional) - will add additional question for inj07poc.yourdomain.com in the response
format:inj07.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj07poc.yourdomain.com
remark:adq (optional) - will add additional question for inj07poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj07.yourdomain.com @127.0.0.1
@@ -274,9 +274,9 @@ injected07.yourdomain.com. 60 IN A 6.6.6.7 Respond only with injected A record (inj08poc.yourdomain.com -> 6.6.6.6) in all sections. - - - + + +
format:inj08.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj08poc.yourdomain.com
remark:addq (optional) - will add additional question for inj108poc.yourdomain.com in the response
format:inj08.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj08poc.yourdomain.com
remark:adq (optional) - will add additional question for inj108poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj08.yourdomain.com @127.0.0.1
@@ -312,9 +312,9 @@ injected08.yourdomain.com. 60 IN A 6.6.6.8 Respond only with injected PTR record (6.6.6.6 -> inj09poc.yourdomain.com) in all sections. - - - + + +
format:inj09.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj09poc.yourdomain.com
remark:addq (optional) - will add additional question for inj09poc.yourdomain.com in the response
format:inj09.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj09poc.yourdomain.com
remark:adq (optional) - will add additional question for inj09poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj09.yourdomain.com @127.0.0.1
@@ -350,9 +350,9 @@ Sample: Respond with empty answer, but include information in the AUTHORITY section that NS for yourdomain.com is ns1.whatever.com and in the ADDITIONAL section, provide our IP for the ns1.whatever.com. - - - + + +
format:inj10.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with yourdomain.com/whatever.com (depending on the 3rdparty option)
remark:addq (optional) - will add additional question for yourdomain.com/whatever.com (depending on the 3rdparty option) in the response
format:inj10.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with yourdomain.com/whatever.com (depending on the 3rdparty option)
remark:adq (optional) - will add additional question for yourdomain.com/whatever.com (depending on the 3rdparty option) in the response
remark:3rdparty (optional) - will include information in the AUTHORITY section that NS for whatever.com is ns1.yourdomain.com and in the ADDITIONAL section, provide our IP for the ns1.yourdomain.com
example:dig inj10.yourdomain.com @127.0.0.1
@@ -385,9 +385,9 @@ ns1.whatever.com. 60 IN A 44.196.212.212 Respond with empty answer, but include information in the AUTHORITY section that NS for whatever.com is ns1.yourdomain.com.whatever.com and in the ADDITIONAL section, provide our IP for the ns1.yourdomain.com.whatever.com. - - - + + +
format:inj11.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with whatever.com
remark:addq (optional) - will add additional question for whatever.com in the response
format:inj11.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with whatever.com
remark:adq (optional) - will add additional question for whatever.com in the response
remark:3rdparty (optional) - will include information in the AUTHORITY section that NS for whatever.com is ns1.whatever.com.yourdomain.com and in the ADDITIONAL section, provide our IP for the ns1.whatever.com.yourdomain.com
example:dig inj11.yourdomain.com @127.0.0.1
@@ -420,9 +420,9 @@ ns1.yourdomain.com.whatever.com. 60 IN A 44.196.212.212 Respond with empty answer, but include information in all sections that NS for yourdomain.com is ns1.whatever.com and also provide our IP for the ns1.whatever.com. - - - + + +
format:inj12.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with yourdomain.com/whatever.com (depending on the 3rdparty option)
remark:addq (optional) - will add additional question for yourdomain.com/whatever.com (depending on the 3rdparty option) in the response
format:inj12.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with yourdomain.com/whatever.com (depending on the 3rdparty option)
remark:adq (optional) - will add additional question for yourdomain.com/whatever.com (depending on the 3rdparty option) in the response
remark:3rdparty (optional) - will provide information in all sections that NS for whatever.com is ns1.yourdomain.com and also provide our IP for the ns1.yourdomain.com
example:dig inj12.yourdomain.com @127.0.0.1
@@ -461,9 +461,9 @@ ns1.whatever.com. 60 IN A 44.196.212.212 Respond with a CNAME (inj13poc.whatever.com), but include information in all sections that NS for whatever.com is ns1.yourdomain.com and also provide our IP for the ns1.yourdomain.com. - - - + + +
format:inj13.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with whatever.com
remark:addq (optional) - will add additional question for whatever.com in the response
format:inj13.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with whatever.com
remark:adq (optional) - will add additional question for whatever.com in the response
remark:3rdparty (optional) - will respond with a CNAME (inj13poc.whatever.com), but include information in all sections that NS for whatever.com is ns1.whatever.com and also provide our IP for the ns1.whatever.com
example:dig inj13.yourdomain.com @127.0.0.1
@@ -503,9 +503,9 @@ ns1.yourdomain.com. 60 IN A 44.196.212.212 Respond only with CNAME record of a 3rd party (inj14poc.yourdomain.com -> alwaysXXX.yourdomain.com) in all sections, to see if it will try to proactively resolve the alwaysXXX. - - - + + +
format:inj14.[replq].[addq].[3rdparty].yourdomain.com
remark:replq (optional) - will replace the question in the response with inj14poc.yourdomain.com
remark:addq (optional) - will add additional question for inj14poc.yourdomain.com in the response
format:inj14.[rpq].[adq].[3rdparty].yourdomain.com
remark:rpq (optional) - will replace the question in the response with inj14poc.yourdomain.com
remark:adq (optional) - will add additional question for inj14poc.yourdomain.com in the response
remark:3rdparty (optional) - will do injection for 3rd party (whatever.com), rather than yourdomain.com
example:dig inj14.yourdomain.com @127.0.0.1
diff --git a/docs/catalogue/response-modifiers.md b/docs/catalogue/response-modifiers.md index 65eee97..e68f4f2 100644 --- a/docs/catalogue/response-modifiers.md +++ b/docs/catalogue/response-modifiers.md @@ -14,6 +14,8 @@ - [Set authority RRs in the header (aurr)](#set-authority-rrs-in-the-header-aurr) - [Set additional RRs in the header (adrr)](#set-additional-rrs-in-the-header-adrr) - [Cut N bytes from the end of the packet (cut)](#cut-n-bytes-from-the-end-of-the-packet-cut) + - [Add N bytes to the end of the packet (add)](#add-n-bytes-to-the-end-of-the-packet-add) + - [Recalculate length in TCP (rl)](#recalculate-length-in-tcp-rl) - [Force compression (fc)](#force-compression-fc) - [No compression (nc)](#no-compression-nc) - [Name fuzzing generator (nfz)](#name-fuzzing-generator-nfz) @@ -203,33 +205,34 @@ Set custom flags in the DNS header, allowing to specify it as a decimal number, - + - - - + + +
format:anything.flgs<NUMBER>.yourdomain.com
format:anything.flgs<0xHEX>.yourdomain.com
format:anything.flgsrand.yourdomain.com
format:anything.flgsr.yourdomain.com
remark:Flags is 2 bytes long field, so max decimal number is 65535 or 0xffff in hexadecimal format
example:dig always.flgs0x8400.yourdomain.com @127.0.0.1
example:dig always.flgs33792.yourdomain.com @127.0.0.1
example:dig always.flgsrand.yourdomain.com @127.0.0.1
example:dig always.flgs0x8403.yourdomain.com @127.0.0.1
example:dig always.flgs33795.yourdomain.com @127.0.0.1
example:dig always.flgsr.yourdomain.com @127.0.0.1
Sample: ``` -# dig always.flgs0x8400.yourdomain.com @127.0.0.1 +# dig always.flgs0x8403.yourdomain.com @127.0.0.1 -; <<>> DiG 9.18.10-2-Debian <<>> always.flgs0x8400.yourdomain.com @127.0.0.1 +; <<>> DiG 9.18.10-2-Debian <<>> always.flgs0x8403.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4241 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63015 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: -;always.flgs0x8400.yourdomain.com. IN A +;always.flgs0x8403.yourdomain.com. IN A ;; ANSWER SECTION: -always.flgs0x8400.yourdomain.com. 60 IN A 2.3.4.5 +always.flgs0x8403.yourdomain.com. 60 IN A 2.3.4.5 -;; Query time: 0 msec +;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) -;; WHEN: Thu Nov 02 16:37:51 +04 2023 -;; MSG SIZE rcvd: 98 +;; WHEN: Mon Jul 15 11:00:45 +04 2024 +;; MSG SIZE rcvd: 66 + ``` ### Set question RRs in the header (qurr) Set arbitrary number of questions in the DNS header. @@ -386,6 +389,86 @@ size.128.cut16.fc.yourdomain.com. 60 IN A 127.0.0.123 ;; WHEN: Mon Jul 08 15:41:00 +04 2024 ;; MSG SIZE rcvd: 98 +``` +### Add N bytes to the end of the packet (add) +Append a specified number of arbitrary byte(s) to the end of the packet. The byte value can be defined as a decimal number, a hexadecimal number, or leave it random if omitted. + + + + + + + + + +
format:anything.add<NUMBER>.<BYTE>.yourdomain.com
format:anything.add<NUMBER>.<0xHEX>.yourdomain.com
format:anything.add<NUMBER>.yourdomain.com
example:dig always.add10.0.yourdomain.com @127.0.0.1
example:dig always.add50000.0xff.yourdomain.com @127.0.0.1
example:dig always.add50000.255.yourdomain.com @127.0.0.1
example:dig always.cut4.add4.yourdomain.com @127.0.0.1
+ +Sample: +``` +# dig always.add50000.255.yourdomain.com @127.0.0.1 + +; <<>> DiG 9.18.10-2-Debian <<>> always.add50000.255.yourdomain.com @127.0.0.1 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21676 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 +;; WARNING: Message has 50000 extra bytes at end + +;; QUESTION SECTION: +;always.add50000.255.yourdomain.com. IN A + +;; ANSWER SECTION: +always.add50000.255.yourdomain.com. 60 IN A 2.3.4.5 + +;; Query time: 0 msec +;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) +;; WHEN: Mon Jul 15 14:53:12 +04 2024 +;; MSG SIZE rcvd: 50068 + +``` +### Recalculate length in TCP (rl) +If the [cut](#cut-n-bytes-from-the-end-of-the-packet-cut) or [add](#add-n-bytes-to-the-end-of-the-packet-add) modifiers were used during a request in TCP, also adjust the length at the beginning of the packet. + + + + + + + +
format:anything.rl.yourdomain.com
example:dig always.adb10.yourdomain.com @127.0.0.1 +tcp
example:dig always.adb10.rl.yourdomain.com @127.0.0.1 +tcp
example:dig size.300.fc.cut00.rl.yourdomain.com @127.0.0.1 +tcp
example:dig size.300.fc.cut64.rl.yourdomain.com @127.0.0.1 +tcp
+ +Sample: +``` +# dig size.300.fc.cut64.rl.yourdomain.com @127.0.0.1 +tcp +;; Warning: Message parser reports malformed message packet. + +; <<>> DiG 9.18.10-2-Debian <<>> size.300.fc.cut64.rl.yourdomain.com @127.0.0.1 +tcp +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27026 +;; flags: qr aa; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;size.300.fc.cut64.rl.yourdomain.com. IN A + +;; ANSWER SECTION: +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.150 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.35 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.49 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.252 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.154 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.191 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.164 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.179 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.54 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.147 +size.300.fc.cut64.rl.yourdomain.com. 60 IN A 127.0.0.254 + +;; Query time: 0 msec +;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP) +;; WHEN: Mon Jul 15 11:01:01 +04 2024 +;; MSG SIZE rcvd: 229 + ``` ### Force compression (fc) Use DNS compression in the response, overriding any DNS compression settings specified in the configuration file. diff --git a/modules/inj01.toml b/modules/inj01.toml index b94b0b0..735acc7 100644 --- a/modules/inj01.toml +++ b/modules/inj01.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj01"): injdom = "injected01." + a3rdparty_domain else: injdom = "injected01." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/inj02.toml b/modules/inj02.toml index 1b2d838..cfe338a 100644 --- a/modules/inj02.toml +++ b/modules/inj02.toml @@ -17,14 +17,14 @@ if req.first_subdomain.startswith("inj02"): else: injdom = "injected02." + req.sld_tld_domain ### QUESTION SECTION ######## - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/inj03.toml b/modules/inj03.toml index 6df4803..a58bdda 100644 --- a/modules/inj03.toml +++ b/modules/inj03.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj03"): injdom = "injected03." + a3rdparty_domain else: injdom = "injected03." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/inj04.toml b/modules/inj04.toml index 4144778..827d753 100644 --- a/modules/inj04.toml +++ b/modules/inj04.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj04"): injdom = "injected04." + a3rdparty_domain else: injdom = "injected04." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/inj05.toml b/modules/inj05.toml index 69e9531..6c76b67 100644 --- a/modules/inj05.toml +++ b/modules/inj05.toml @@ -15,14 +15,14 @@ if req.first_subdomain.startswith("inj05"): injdom = "injected05." + a3rdparty_domain else: injdom = "injected05." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 2, 2) ### QUESTION SECTION ######## diff --git a/modules/inj06.toml b/modules/inj06.toml index ed062be..49bac5f 100644 --- a/modules/inj06.toml +++ b/modules/inj06.toml @@ -15,14 +15,14 @@ if req.first_subdomain.startswith("inj06"): injdom = "injected06." + a3rdparty_domain else: injdom = "injected06." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 2, 2) ### QUESTION SECTION ######## diff --git a/modules/inj07.toml b/modules/inj07.toml index 36b71a4..72196e1 100644 --- a/modules/inj07.toml +++ b/modules/inj07.toml @@ -15,14 +15,14 @@ if req.first_subdomain.startswith("inj07"): injdom = "injected07." + a3rdparty_domain else: injdom = "injected07." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 1, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/inj08.toml b/modules/inj08.toml index c48ff5c..dc8acad 100644 --- a/modules/inj08.toml +++ b/modules/inj08.toml @@ -15,14 +15,14 @@ if req.first_subdomain.startswith("inj08"): injdom = "injected08." + a3rdparty_domain else: injdom = "injected08." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 1, 1, 1) ### QUESTION SECTION ######## diff --git a/modules/inj09.toml b/modules/inj09.toml index d0bcaca..6a0f6db 100644 --- a/modules/inj09.toml +++ b/modules/inj09.toml @@ -16,15 +16,15 @@ if req.first_subdomain.startswith("inj09"): targetdom = "injected09." + a3rdparty_domain else: targetdom = "injected09." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain cust_type_bin = getTypeBin("PTR") # replace the question type req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + getTypeBin("PTR") + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 1, 1, 1) ### QUESTION SECTION ######## diff --git a/modules/inj10.toml b/modules/inj10.toml index 9f5dc88..15d3bbf 100644 --- a/modules/inj10.toml +++ b/modules/inj10.toml @@ -17,14 +17,14 @@ if req.first_subdomain.startswith("inj10"): injdom = a3rdparty_domain injns = "ns1." + req.sld_tld_domain injnsip = ZONEFILE[injns.lower()]["A"] - if "replq" in req.subdomains: # replace the question with our injected stuffs? + if "rpq" in req.subdomains: # replace the question with our injected stuffs? orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs? + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs? resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 0, 1, 1) ### QUESTION SECTION ######## diff --git a/modules/inj11.toml b/modules/inj11.toml index 9f69eef..f128a96 100644 --- a/modules/inj11.toml +++ b/modules/inj11.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj11"): if "3rdparty" in req.subdomains: # inject a 3rd party domain injns = "ns1." + injdom + "." + req.sld_tld_domain injnsip = ZONEFILE[injns.lower()]["A"] - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 0, 1, 1) ### QUESTION SECTION ######## diff --git a/modules/inj12.toml b/modules/inj12.toml index a0d87e7..11548a6 100644 --- a/modules/inj12.toml +++ b/modules/inj12.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj12"): injdom = a3rdparty_domain injns = "ns1." + req.sld_tld_domain injnsip = ZONEFILE[injns.lower()]["A"] - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 2, 2, 2) ### QUESTION SECTION ######## diff --git a/modules/inj13.toml b/modules/inj13.toml index 228af96..d2dd3fc 100644 --- a/modules/inj13.toml +++ b/modules/inj13.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj13"): if "3rdparty" in req.subdomains: # inject a 3rd party domain injns = "ns1." + a3rdparty_domain injnsip = ZONEFILE[injns.lower()]["A"] - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp.QURR = req.QURR+1 addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 3, 2, 2) ### QUESTION SECTION ######## diff --git a/modules/inj14.toml b/modules/inj14.toml index 78d8df2..0dad01e 100644 --- a/modules/inj14.toml +++ b/modules/inj14.toml @@ -16,14 +16,14 @@ if req.first_subdomain.startswith("inj14"): else: injdom = "injected14." + req.sld_tld_domain targetdom = "always" + str(random.getrandbits(20) % 1000000) + "." + req.sld_tld_domain - if "replq" in req.subdomains: # replace the question with our injected stuffs + if "rpq" in req.subdomains: # replace the question with our injected stuffs orig_req_domain = req.full_domain req.full_domain = injdom - addcustomlog("REPLQ") - if "addq" in req.subdomains: # add additional question for our injected stuffs + addcustomlog("RPQ") + if "adq" in req.subdomains: # add additional question for our injected stuffs resp_QUESTIONS = struct.pack(">H", resp.noq+1) addedquestions = convDom2Bin(injdom) + req.type_bin + req.class_bin - addcustomlog("ADDQ") + addcustomlog("ADQ") ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', resp.QURR, 1, 1, 1) ### QUESTION SECTION ######## diff --git a/polardns.py b/polardns.py index 610841b..387bc8d 100644 --- a/polardns.py +++ b/polardns.py @@ -895,28 +895,34 @@ def send_buf(self, buffer, totallen = 0): print("Custom length:", resp.len) if debug else True time.sleep(resp.sleep) + append = b'' + if hasattr(resp, "addbyte"): + append = os.urandom(resp.addcount) if resp.addbyte == "r" else bytes([resp.addbyte] * resp.addcount) + + newlen = len(buffer) - getattr(resp, 'cutcount', 0) + newbuffer = buffer[:max(newlen, 0)] + append + # UDP mode if proto == "udp": - # If '.cutXXX.' modifier specified, cut the buffer from the end - newlen = len(buffer) - getattr(resp, 'cut', 0) - self.wfile.write(buffer[:max(newlen, 0)]) + self.wfile.write(newbuffer) self.wfile.flush() return # TCP mode - # In TCP mode, we need to prepend the packet with a 2-byte length field. # The length can be determined by one of the following methods: # - Overridden length specified by the '.lenXXX.' modifier in the domain name # - Overridden length provided as a parameter to this function # - Calculated from the buffer length if neither of the above is provided - tocalc = resp.len or totallen or len(buffer) - newbuf = struct.pack(">H", tocalc) + buffer + buflen = resp.len or totallen or len(buffer) + if hasattr(resp, "cutcount"): + buflen -= resp.rl * resp.cutcount # adjust the length + if hasattr(resp, "addbyte"): + buflen += resp.rl * resp.addcount # adjust the length try: - # If '.cutXXX.' modifier specified, cut the buffer from the end - newlen = len(newbuf) - getattr(resp, 'cut', 0) - self.request.sendall(newbuf[:max(newlen, 0)]) - except: + self.request.sendall(struct.pack(">H", buflen) + newbuffer) + except Exception as e: + print(f"Error sending buffer: {e}") return(-1) ################################ @@ -1218,6 +1224,8 @@ def process_DNS(self, req): # nfz - enable name fuzzer which can generate various illegal # and malformed domain names # cut - cut N bytes from the end of the packet e.g.: .cut10. + # add - add N bytes to the end of the packet e.g.: .add10.byte. + # rl - recalculate length in TCP ('cut' and 'add' modifiers) # qurr - set custom number of Questions in the DNS header # anrr - set custom number of Answer RRs in the DNS header # aurr - set custom number of Authority RRs in the DNS header @@ -1227,6 +1235,7 @@ def process_DNS(self, req): resp.sleep = config_sleep resp.TTL = config_ttl resp.len = 0 + resp.rl = 0 # recalculate length in TCP (in case cut/add is used) resp.noq = req.QURR # number of questions resp.QURR = req.QURR # number of questions @@ -1247,56 +1256,40 @@ def process_DNS(self, req): ####################### elif label.startswith("len"): # TCP length override if label[3:].isnumeric(): - n = int(label[3:]) - if n > 65535: n = 65535 - resp.len = n + resp.len = min(int(label[3:]), 65535) ####################### elif label == "newid": # new random transaction ID resp.ID = struct.pack(">H", random.getrandbits(16)) addcustomlog("NEWID") ####################### elif label.startswith("flgs"): # set custom flags in the DNS header - if label[4:].isnumeric(): - n = int(label[4:]) - if n > 65535: n = 65535 - resp.FLGS = struct.pack(">H", n) - addcustomlog("FLGS:" + hex(n)) - elif label[4:6] == "0x": - n = int(label[6:], base=16) - if n > 65535: n = 65535 - resp.FLGS = struct.pack(">H", n) - addcustomlog("FLGS:" + hex(n)) - elif label[4:8] == "rand": - n = random.getrandbits(16) - resp.FLGS = struct.pack(">H", n) - addcustomlog("FLGS:" + hex(n)) + flgs = label[4:] + if flgs.isnumeric(): + resp.FLGS = struct.pack(">H", min(int(flgs), 65535)) + elif flgs[:2] == "0x": + resp.FLGS = struct.pack(">H", min(int(flgs[2:], base=16), 65535)) + elif flgs == "r": + resp.FLGS = struct.pack(">H", random.getrandbits(16)) + addcustomlog("FLGS:" + flgs) ####################### elif label.startswith("qurr"): # set custom number of questions in the DNS header if label[4:].isnumeric(): - n = int(label[4:]) - if n > 65535: n = 65535 - resp.QURR = n + resp.QURR = min(int(label[4:]), 65535) addcustomlog("QURR:" + str(resp.QURR)) ####################### elif label.startswith("anrr"): # set custom number of answer RR in the DNS header if label[4:].isnumeric(): - n = int(label[4:]) - if n > 65535: n = 65535 - resp.ANRR = n + resp.ANRR = min(int(label[4:]), 65535) addcustomlog("ANRR:" + str(resp.ANRR)) ####################### elif label.startswith("aurr"): # set custom number of authority RR in the DNS header if label[4:].isnumeric(): - n = int(label[4:]) - if n > 65535: n = 65535 - resp.AURR = n + resp.AURR = min(int(label[4:]), 65535) addcustomlog("AURR:" + str(resp.AURR)) ####################### elif label.startswith("adrr"): # set custom number of additional RR in the DNS header if label[4:].isnumeric(): - n = int(label[4:]) - if n > 65535: n = 65535 - resp.ADRR = n + resp.ADRR = min(int(label[4:]), 65535) addcustomlog("ADRR:" + str(resp.ADRR)) ####################### elif label == "noq": # remove the question from the response query section @@ -1306,8 +1299,8 @@ def process_DNS(self, req): elif label.startswith("nfz"): # enable name fuzzer if label[3:].isnumeric(): resp.nfz = int(label[3:]) # the variant - if req.subdomains_lc[index+1].isnumeric(): # does the next subdomain contain only a number? - resp.nfz_sv = int(req.subdomains_lc[index+1]) # if yes, then it is a sub-variant + if req.subdomains[index+1].isnumeric(): # does the next subdomain contain only a number? + resp.nfz_sv = int(req.subdomains[index+1]) # if yes, then it is a sub-variant addcustomlog("NFZ:" + str(resp.nfz) + "." + str(resp.nfz_sv)) else: addcustomlog("NFZ:" + str(resp.nfz)) @@ -1322,9 +1315,23 @@ def process_DNS(self, req): addcustomlog("FC") ####################### elif label.startswith("cut"): # cut N bytes from the end of the packet - if label[3:].isnumeric(): - resp.cut = int(label[3:]) # how many bytes to cut - addcustomlog("CUT:" + str(resp.cut)) + resp.cutcount = int(label[3:]) if label[3:].isnumeric() else 0 + addcustomlog("CUT:" + str(resp.cutcount)) + ####################### + elif label.startswith("add"): # add N bytes to the end of the packet + resp.addcount = int(label[3:]) if label[3:].isnumeric() else 0 + next_subdom = req.subdomains[index+1] + if next_subdom.isnumeric(): + resp.addbyte = min(int(next_subdom), 255) + elif next_subdom.startswith("0x"): + resp.addbyte = min(int(next_subdom[2:], 16), 255) + else: + resp.addbyte = "r" + addcustomlog("ADD:" + str(resp.addcount) + "." + str(resp.addbyte)) + ####################### + elif label == "rl": # recalculate length in TCP + resp.rl = 1 # in case 'cut' or 'add' was used + addcustomlog("RL") ####################### # DO NOT REMOVE (additional modifiers) ####################### diff --git a/test/test.sh b/test/test.sh index c156a56..3ccd9a8 100755 --- a/test/test.sh +++ b/test/test.sh @@ -97,6 +97,10 @@ runtest() { echo " \\ expected $exp" echo " \\_______ got $out" echo "runtest \"${dom}\" \"${out}\"" + #$0 runtest "${dom}" "${exp}" + #echo + #echo + #echo if [ $((nofail)) -eq 1 ]; then exit 1; fi else echo "PASSED ${cmd}" @@ -170,6 +174,35 @@ fi ####################################### +# flags +runtest "always.flgs0x8403.${domain}" "d1617162d18adbb193d141cbca0a7541" +runtest "always.flgs33795.${domain}" "b492c284a2286b59c823f5c0c62da836" +runtest "always.flgs.${domain}" "29ab00e4bf7989f7b58f3d88272fe0a7" +runtest "always.flgsbad.${domain}" "0a23287f9be9d8900bb344ac0568b53f" +runtest "always.flgs12345bad.${domain}" "e91585efe42730b7b0f1eadcb54195a4" + +# add/cut bytes +runtest "always.cut4.add4.0.${domain}" "6bd06b0d573bf37b53aeee39ea16e9ee" +runtest "always.cut4.add4.0xff.${domain}" "a181f5c84fd254b1300f85195253a7a5" +runtest "always.cut4.add4.255.${domain}" "c6c965803e4a250095ee2c3d696c511c" +runtest "+tcp always.cut4.add4.0.${domain}" "1cea29f35853307d3ab3cef27d4650d1" +runtest "+tcp always.cut4.add4.0xff.${domain}" "6a80a57324b0374ffe6337ae92d15bb6" +runtest "+tcp always.cut4.add4.255.${domain}" "15dcdb08de35b0d2a63d7df9fa5952c9" +runtest "always.add1.0.${domain}" "8f74e141b979093c048187b1a812866d" +runtest "always.add1.0x1.${domain}" "ab757539a6cad3205d9b0301ec09e983" +runtest "always.add1.r.${domain}" "916d172542db7a7c3fb96b70ebcdd3e1" +runtest "+tcp always.add1.0.${domain}" "fb7abc1b962c6c79ba6b97c388c29ea2" +runtest "+tcp always.add1.0x1.${domain}" "111b8456577b7c7db9038e99e41a30a7" +runtest "+tcp always.add1.r.${domain}" "537f3c5ed72b9e0f9ae0e5b4cfc14bb4" +runtest "+tcp always.rl.add1.0.${domain}" "d616ab3eba1ce678a32eeded8a48cd2e" +runtest "+tcp always.rl.add1.0x1.${domain}" "54249867bbd34ebfbc41acc9814d5b30" +runtest "+tcp always.rl.add1.r.${domain}" "7e6fb96af293abab1e9c80450df2dc0d" +runtest "always.add.${domain}" "1bfa33bd84c350d9970d4eeaf5a4b32d" +runtest "always.addbad.${domain}" "c4a6f9d9d2ebc1786b7ad4f8db0b9a12" +runtest "always.add10bad.${domain}" "7f1303f3af4e6dc044c682bb61d1fc3d" +runtest "always.cut.${domain}" "340abba7ed63f043965100db6d6881de" +runtest "always.cutbad.${domain}" "84912147089ef386429fd4014cd60cd9" +runtest "always.cut10bad.${domain}" "d8b2a4393deac550b758a3c565dc0bf0" # size.toml runtest "size.512.fc.${domain}" "50098dd38cfb8761d83896d6502dae16" @@ -880,32 +913,32 @@ runtest "always123.qurr0.noq.nc.${domain}" "5ecdbf46c0ac8ecba48e0ea42948c4c0" runtest "always123.qurr0.noq.fc.${domain}" "ff131325546ed21029a91e8fad2326a6" runtest "always123.qurr3.${domain}" "16477486e5f45f4db023d40f742206ea" runtest "always123.newid.${domain}" "fb41ffb8a1d54f86d65748bc0df1e135" -runtest "inj01.addq.${domain}" "ad1c5ade6c80c4cd70afdc4ba58be6d2" -runtest "inj02.addq.${domain}" "1299a66b4da9c55590edc86c02accdc8" -runtest "inj03.addq.${domain}" "d4cf578332cdc78c2c70a6c7b49de5ec" -runtest "inj04.addq.${domain}" "9a1444c88cc704b5fcb0f85ca95bf31a" -runtest "inj05.addq.${domain}" "09377ca32be565aa392842e98b975ade" -runtest "inj06.addq.${domain}" "c8b6743ce322339980f01e81dccb0d58" -runtest "inj07.addq.${domain}" "d911d2432d7e8bbc10c4a4c81c66b929" -runtest "inj08.addq.${domain}" "239b140df2a42bbdb4250b1e46475a3a" -runtest "inj09.addq.${domain}" "833b3354ad67c6306e6e0145e67b0d03" -runtest "inj10.addq.${domain}" "45fecb93cf976d2e71942d0c379ef7ca" -runtest "inj11.addq.${domain}" "4a1b179b292a61ab4d45328255977a2c" -runtest "inj12.addq.${domain}" "45fecb93cf976d2e71942d0c379ef7ca" -runtest "inj13.addq.${domain}" "4a1b179b292a61ab4d45328255977a2c" -runtest "inj01.replq.${domain}" "33db40ddafa4be3c79db7cd6dee37549" -runtest "inj02.replq.${domain}" "90d6af9e4822e55f96f391bc23b2934e" -runtest "inj03.replq.${domain}" "09a6f94a841bdc2ecdb19c905856e547" -runtest "inj04.replq.${domain}" "c96263e35a9a022d37d70bb4f3e30c06" -runtest "inj05.replq.${domain}" "cba4895c38836e2022a3dabbe4f9e787" -runtest "inj06.replq.${domain}" "47c21677848cb71b9c1c3b164e49e48e" -runtest "inj07.replq.${domain}" "74e4563e21868bee8894873f70e56056" -runtest "inj08.replq.${domain}" "fb2d49b9e184c0767515e3a86117c572" -runtest "inj09.replq.${domain}" "c6c05bdc45cdb9b639ea43b107b045c0" -runtest "inj10.replq.${domain}" "da2f80983531ae73d76f37f3ca5b8cc9" -runtest "inj11.replq.${domain}" "e29435ba118b222973421d89e064a82e" -runtest "inj12.replq.${domain}" "da2f80983531ae73d76f37f3ca5b8cc9" -runtest "inj13.replq.${domain}" "e29435ba118b222973421d89e064a82e" +runtest "inj01.adq.${domain}" "ad1c5ade6c80c4cd70afdc4ba58be6d2" +runtest "inj02.adq.${domain}" "1299a66b4da9c55590edc86c02accdc8" +runtest "inj03.adq.${domain}" "d4cf578332cdc78c2c70a6c7b49de5ec" +runtest "inj04.adq.${domain}" "9a1444c88cc704b5fcb0f85ca95bf31a" +runtest "inj05.adq.${domain}" "09377ca32be565aa392842e98b975ade" +runtest "inj06.adq.${domain}" "c8b6743ce322339980f01e81dccb0d58" +runtest "inj07.adq.${domain}" "d911d2432d7e8bbc10c4a4c81c66b929" +runtest "inj08.adq.${domain}" "239b140df2a42bbdb4250b1e46475a3a" +runtest "inj09.adq.${domain}" "833b3354ad67c6306e6e0145e67b0d03" +runtest "inj10.adq.${domain}" "45fecb93cf976d2e71942d0c379ef7ca" +runtest "inj11.adq.${domain}" "4a1b179b292a61ab4d45328255977a2c" +runtest "inj12.adq.${domain}" "45fecb93cf976d2e71942d0c379ef7ca" +runtest "inj13.adq.${domain}" "4a1b179b292a61ab4d45328255977a2c" +runtest "inj01.rpq.${domain}" "33db40ddafa4be3c79db7cd6dee37549" +runtest "inj02.rpq.${domain}" "90d6af9e4822e55f96f391bc23b2934e" +runtest "inj03.rpq.${domain}" "09a6f94a841bdc2ecdb19c905856e547" +runtest "inj04.rpq.${domain}" "c96263e35a9a022d37d70bb4f3e30c06" +runtest "inj05.rpq.${domain}" "cba4895c38836e2022a3dabbe4f9e787" +runtest "inj06.rpq.${domain}" "47c21677848cb71b9c1c3b164e49e48e" +runtest "inj07.rpq.${domain}" "74e4563e21868bee8894873f70e56056" +runtest "inj08.rpq.${domain}" "fb2d49b9e184c0767515e3a86117c572" +runtest "inj09.rpq.${domain}" "c6c05bdc45cdb9b639ea43b107b045c0" +runtest "inj10.rpq.${domain}" "da2f80983531ae73d76f37f3ca5b8cc9" +runtest "inj11.rpq.${domain}" "e29435ba118b222973421d89e064a82e" +runtest "inj12.rpq.${domain}" "da2f80983531ae73d76f37f3ca5b8cc9" +runtest "inj13.rpq.${domain}" "e29435ba118b222973421d89e064a82e" runtest "close.${domain}" "7fa9178ec0e6fd5c809bb2a00fbe6e81" runtest "empty2.${domain}" "bcb6a2f9baa932bbaab2cdcc1d76a2d5" runtest "empty2.65500.${domain}" "69690434fcdc96e4083c718fe0027d22"