Shulou(Shulou.com)06/02 Report--

Editor to share with you how to use lodine to build DNS tunnel, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

I recently set up a DNS tunnel on one of my VPS. This technique is useful for bypassing captive portals (forced login portals), filters, and so on. Because DNS is an indispensable and important service for the Internet, port 53 data traffic is usually released in and out of most networks.

Although sometimes these DNS requests are limited to whitelisted servers or specific domains, you will usually find that DNS is almost unrestricted, and if we can control both ends of the pipe, then we can transfer data through tunnels.

We can set up a SSH server or other similar server on port 53, but in some cases the ssh protocol will be filtered, causing tunnel establishment to fail. Therefore, building a tunnel through DNS is our best choice.

Iodine

To do this, we will use a tool called iodine. Iodine is a DNS tunnel manufacturing tool, which can establish an IPv4 data channel for us through a DNS server. This tool is often used by penetration testers in scenarios such as firewall bypass.

Iodine consists of a DNS daemon (daemon) that we run on the server, which listens for incoming DNS requests and unpacks tunnel data. In addition, we have a client that handles the other end of the tunnel.

Register the DNS server

The first thing we need to do is register our server as a DNS server. To do this, we need a domain name. There are some very cheap domain names on GoDaddy and privacy options are supported. This also avoids our personal details, which can be easily found through whois.

After obtaining the domain name, we must configure the NS record for it in the domain name control panel, for example:

T1 IN NS ourdomain.com. ; note the dot!

If you already have a ready-made domain and want your iodine server to be able to use other servers, you can first set up the subdomain and register the IP of the iodine server, and then point your NS record to this subdomain.

T1 IN NS t1ns.ourdomain.com. T1ns IN A sets daemon (daemon)

The next thing we need to do is install iodine on the server. If your current system is a debian-based distribution, you can use the apt install iodine command to install it as I did.

Run iodine daemon using the following command:

Iodined-fcP secretpassword 10.0.1.1 ourdomain.com

-f runs at the front desk

-c disable checking client IP addresses for all incoming requests

-P details of the shared key used for authentication between the secretpassword client and server

10.0.1.1 is the IP that the server will provide on the tun interface client. The client will give the next IP within this range.

Ourdomain.com is the domain name of the DNS server we set up earlier.

If you want to set iodine to run at startup, you can enable the service using the following command:

Update-rc.d iodine enable

And

Service iodine start

To start the service. But you will find that the startup will fail at this time. To start the service smoothly, we must set the daemon parameter in the / etc/defaults/iodine file, as follows:

START_IODINED true

IODINED_ARGS-c 10.0.1.1 ourdomain.com

IODINED_PASSWORD secretpassword

Configuration check

After the basic configuration is complete, we can check whether our configuration is correct through the iodine check page.

If the configuration is correct but still does not work properly, check to see if the traffic has been captured by the firewall on the server.

Run the client

On the client machine, we just need to run the iodine client. The installation method for iodine is the same as above, and then run:

Iodine-fP secretpassword ourdomain.com

You should be able to see output messages like Connection setup complete and transmitting data.

DNS tunnel has been successfully established!

Set up proxy

In order for our browser or other tools to use tunneling, we must set up proxies. We will use SSH dynamic port forwarding to create a SOCKS proxy locally, and all data traffic will use DNS tunnel and connect to our server through SSH.

Set up the proxy with the following command:

Ssh-N-D 8080 user@10.0.1.1

-N instructs SSH not to start shell because we just want to create an agent

-D sets dynamic port forwarding, SOCKS proxy port is 8080

User users on our server

10.0.1.1 iodine server on the tun interface

Once the setup is complete, we can use the proxy in the browser. For example, we can use FoxyProxy in Firefox or Chrome. If all goes well, you should be able to check your IP in your browser and get your server's IP.

The above is all the contents of the article "how to build a DNS tunnel with lodine". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.