CNIT 40 Proj 2x: DNSCrypt (15 pts.)

What you need

Purpose

First you'll observe normal DNS traffic, and see how it compromises your privacy by sending domain names over the network in plaintext.

After installing a DNSCrypt client, you'll see that some private DNS traffic is now encrypted.

Viewing Normal DNS Traffic

In Kali, in a Terminal window, execute this command:
wireshark
A box pops up saying "Lua error during loading". Click OK.

Open Wireshark. On the left side of the screen, click any, as shown below, and click Start.

At the top of the Wireshark window, in the Filter: bar, enter this code:

frame contains facebook && dns
Press Enter.

Now Wireshark will only show DNS traffic containing "facebook".

Open the Firefox web browser and go to

facebook.com

Wireshark should show DNS traffic resolving domain names at facebook, as shown below. You may need to expand the window, or scroll sideways, to see it.

From the Wireshark menu bar, click Capture, Stop.

Saving a Screen Image

Make sure Wireshark is visible, showing facebook in the captured packets.

Capture a whole-desktop image.

Save the image with the filename "Your Name Proj 2xa". Use your real name, not the literal text "Your Name".

YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Privacy Implications

This is pretty nasty--anyone who inspects network traffic can see what sites each person is visiting anytime. Monitoring DNS is a common technique used to catch employees doing forbidden Web surfing at work. To maintain privacy, this traffic should be encrypted, but the DNS protocol doesn't include that option.
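To make the plaintext leak concrete, here is an added Python example (not part of the original project) that builds a DNS A query in RFC 1035 wire format, decodes the queried name back out of the raw bytes exactly as a network monitor would, and applies the same substring check as the Wireshark filter used above. The function names are my own.

```python
import struct

def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query (RFC 1035 wire format) for `name`."""
    # header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # each label is written as <length byte><label bytes>; the dots never hit the wire
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg: bytes, off: int) -> tuple:
    """Decode a wire-format name at `off`, following compression pointers."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2              # remember where the pointer itself ends
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def query_names(msg: bytes) -> list:
    """Return every QNAME in the question section of a DNS message."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    off, names = 12, []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        names.append(name)
        off += 4                           # skip QTYPE and QCLASS
    return names

def matches_filter(msg: bytes, needle: str) -> bool:
    """Equivalent of the Wireshark filter `frame contains <needle> && dns`."""
    return needle.encode("ascii") in msg and bool(query_names(msg))

if __name__ == "__main__":
    pkt = build_dns_query("www.facebook.com")   # constructed sample query
    print(query_names(pkt), matches_filter(pkt, "facebook"))
```

Note that `frame contains facebook` matches because each label is sent verbatim, but `frame contains facebook.com` would not, since the dot is replaced by a length byte on the wire.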

Downloading and Installing a DNSCrypt Client

For 32-bit Linux, execute these commands in a Terminal window:
wget https://download.dnscrypt.org/dnscrypt-proxy/binaries/linux/dnscrypt-proxy-i486-linux-musl.tar.gz

tar xzf dnscrypt-proxy-i486-linux-musl.tar.gz
For 64-bit Linux, execute these commands in a Terminal window instead:
wget https://download.dnscrypt.org/dnscrypt-proxy/binaries/linux/dnscrypt-proxy-x86_64-linux-musl.tar.gz

tar xzf dnscrypt-proxy-x86_64-linux-musl.tar.gz

cd dnscrypt-proxy

./installer.sh

/opt/dnscrypt-proxy/i486-linux-musl/bin/dnscrypt-proxy /opt/dnscrypt-proxy/i486-linux-musl/etc/dnscrypt-proxy.conf

Restarting Packet Capturing

In Wireshark, from the menu bar, click Capture, Start. Click "Continue without Saving".

At the top of the Wireshark window, in the Filter: bar, enter this code:

frame contains kitten && dns
Press Enter.

Now Wireshark will only show DNS traffic containing "kitten".

In a Terminal window, execute this command:

dig @127.0.0.1 kittenwar.com

Wireshark shows DNS requests for kitten-related domains, but they aren't leaving your computer--they are going to 127.0.0.1, which is your own machine, as shown below.

From the Wireshark menu bar, click Capture, Stop.

Viewing DNSCrypt Packets

At the top of the Wireshark window, in the Filter: bar, enter this code:
udp.port == 443
Press Enter.

Wireshark now shows the DNSCrypt packets, as shown below. The domain names are encrypted and unreadable.

Saving a Screen Image

Make sure these items are visible:

Capture a whole-desktop image.

Save the image with the filename "Your Name Proj 2xb". Use your real name, not the literal text "Your Name".

YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Turning in your Project

Send the image to: cnit.40@gmail.com with a subject line of "Proj 2x From Your Name", replacing Your Name with your own first and last name. Send a Cc to yourself.

Source

How install and configure DNSCRYPT linux
Revised 12-5-17 by Sam Bowne