v1.2.0

@github-actions github-actions released this 24 Oct 10:32

Version 1.2.0 overhauls the router advertisement logic and introduces new attack modes: stateless DNS takeover via the RDNSS option in router advertisements (RFC 6106) without DHCPv6 being involved, as well as a hybrid mode with DHCPv6 still enabled as a fallback. With --stateless-ra set, the router advertisements no longer advertise a DHCPv6 server but still set a DNS server immediately. By default, the DHCPv6 server stays enabled to answer requests that come in regardless of the RA flags. This hybrid mode can be disabled via --no-dhcp for a pure stateless DNS takeover.

The stateless DNS takeover has the advantage that the DNS server configuration is actively pushed out via RA instead of pulled via DHCPv6 by the clients. Another advantage is that pretender does not need to assign IPv6 addresses (when hybrid mode is disabled) and thus leaves less of a footprint. Finally, the DNS server is immediately removed from the clients as soon as they receive the de-advertisement that is sent when pretender is stopped.

The downside of stateless DNS takeover is that pretender cannot control who receives the DNS server, so --spoof-for and --dont-spoof-for cannot be honored during this step, only later when DNS queries are received. To avoid disturbing clients unintentionally, it is recommended to use --delegate-ignored-to in conjunction with --spoof and --dont-spoof in stateless mode (pretender will suggest this in a warning when using --spoof-for/--dont-spoof-for).
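For network monitoring, the router advertisements described above can be recognized on the wire by their RDNSS option. The following is an added example, not part of pretender or of these release notes: it parses a captured ICMPv6 router advertisement and reports RDNSS servers that are not on an allowlist, including withdrawals (per RFC 6106, an RDNSS lifetime of 0 tells clients to stop using the server). The function names, the allowlist and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type of a router advertisement
OPT_RDNSS = 25          # Recursive DNS Server option (RFC 6106)

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 router advertisement, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    flags = icmp6[5]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": struct.unpack_from("!H", icmp6, 6)[0], "rdnss": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option length")
        if opt_type == OPT_RDNSS:
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            lifetime = struct.unpack_from("!I", icmp6, off + 4)[0]
            addrs = [str(ipaddress.IPv6Address(icmp6[p:p + 16]))
                     for p in range(off + 8, off + opt_len, 16)]
            ra["rdnss"].append((lifetime, addrs))
        off += opt_len
    return ra

def assess(ra: dict, allowed_dns: set) -> list:
    """Return (address, state, stateless) for every RDNSS server not on the allowlist."""
    stateless = not (ra["managed"] or ra["other"])  # RA does not point clients to DHCPv6
    return [(addr, "withdrawn" if lifetime == 0 else "pushed", stateless)
            for lifetime, addrs in ra["rdnss"] for addr in addrs
            if addr not in allowed_dns]

def sample_ra(rdnss_lifetime: int) -> bytes:
    """Constructed RA: M/O flags clear, router lifetime 0, one RDNSS entry, checksum left 0."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0x00, 0, 0, 0)
    option = struct.pack("!BBHI", OPT_RDNSS, 3, 0, rdnss_lifetime)
    return header + option + ipaddress.IPv6Address("fe80::1234").packed

if __name__ == "__main__":
    allowed = {"2001:db8::53"}  # constructed allowlist of sanctioned resolvers
    for lifetime in (300, 0):
        print(assess(parse_ra(sample_ra(lifetime)), allowed))
```

The parser does not verify the ICMPv6 checksum or the hop limit of 255 that RFC 4861 requires for neighbor discovery messages; a capture pipeline should check both before trusting a packet as a real RA.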

Here is the full change list:

  • pretender now supports stateless DNS takeover via RDNSS option in router advertisements (RFC 6106) without DHCPv6 as well as a hybrid mode (--stateless-ra, hybrid mode can be disabled with --no-dhcp).
  • pretender now responds to router solicitations with a solicited router advertisement if router advertisements are enabled.
  • Router advertisements now include the DNS server address (if enabled).
  • The default value for --router-lifetime was changed to 0 to avoid unnecessarily advertising as a gateway.
  • If router advertisements are enabled, a de-advertisement is now sent before terminating regardless of the configured --router-lifetime.
  • DHCPv6 T1 and T2 values are now dynamically computed based on --lease-lifetime.
  • All dependencies were updated.