Simple app traffic capture using DNS


Scenario: capturing traffic from an app packaged from H5

Environment: CentOS 8

Follow steps 1-2 of this guide: https://www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/ (How to Setup DNS Server (Bind) on CentOS 8 / RHEL8)

Then set up logging as described in: https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch07_05.htm (7.5. Logging in BIND 8 and 9)

 

[root@uatdns01 ~]# cat /etc/named/named.conf
options {
        // listen-on port 53 { any; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query { any; };
        recursion yes;
        forward first;
        forwarders {
                # Queries for names outside the kevin.cn domain are forwarded to these DNS addresses (Alibaba's DNS and Google's DNS) for resolution.
                223.5.5.5;   # Note: these are forwarder DNS addresses; no forwarding domain is specified.
                223.6.6.6;
                8.8.8.8;
                8.8.4.4;
        };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        // Channel for the query log; the relative path resolves under "directory", i.e. /var/named/log.msgs
        channel my_file {
                file "log.msgs";
                severity dynamic;
        };
        category default { null; };
        // Send every query to my_file
        category queries {
                my_file;
        };
};

 

 

 

# systemctl restart named

 

On the phone, set the Wi-Fi DNS server to this server:

https://zhuanlan.zhihu.com/p/71385781

The DNS query log can then be seen on the server:

[root@iZ8vb1v402ygt7xht0rt2fZ ~]# tail -f /var/named/log.msgs
client @0x7f48b4038490 220.194.172.244#7689 (query.hicloud.com): query: query.hicloud.com IN A + (172.27.189.30)
client @0x7f48bc0c5210 220.194.172.244#7752 (cqs-drcn.emui.hicloud.com): query: cqs-drcn.emui.hicloud.com IN A + (172.27.189.30)
client @0x7f48bc051610 220.194.172.244#7753 (stores1.hispace.hicloud.com): query: stores1.hispace.hicloud.com IN A + (172.27.189.30)
client @0x7f48beed86c0 220.194.172.244#7754 (dns.weixin.qq.com): query: dns.weixin.qq.com IN A + (172.27.189.30)
client @0x7f48b4034650 162.219.179.138#54179 (VERSION.BIND): query: VERSION.BIND CH TXT + (172.27.189.30)
client @0x7f48b4034650 220.194.172.244#7755 (aqv.hicloud.com): query: aqv.hicloud.com IN A + (172.27.189.30)
client @0x7f48beec3250 220.194.172.244#7756 (www.taobao.com): query: www.taobao.com IN A + (172.27.189.30)
client @0x7f48b4038490 220.194.172.244#7757 (configsvr.msf.3g.qq.com): query: configsvr.msf.3g.qq.com IN A + (172.27.189.30)
client @0x7f48bc0c5210 220.194.172.244#7758 (data.hicloud.com): query: data.hicloud.com IN A + (172.27.189.30)
client @0x7f48bc051610 220.194.172.244#7759 (audid-api.taobao.com): query: audid-api.taobao.com IN A + (172.27.189.30)

 

 

To let users view this on the web, a bit of web code needs to be written:

