Thursday, December 21, 2017

Tunneling your connection over DNS

Tunneling traffic over DNS

Disclaimer: I am not responsible for any misuse of this tool and any malice you decide to commit with it. This article was written to educate security professionals about covert channels used to circumvent traffic filtering/blocking. 

Writing a brief post about how to tunnel traffic over DNS. Nothing fancy, just using a tool to get the job done. DNS tunneling is nothing new; it has been around for a while, see https://dankaminsky.com/2004/07/29/51/.

Why would you want to tunnel your machine's traffic over DNS? 

DNS tunneling can be used for many things, including but not limited to the following:
  • Covert channel to hide traffic
  • Getting around paywalls (captive portals) at airports or public Wi-Fi spots
  • Exfiltrating data from a corporate environment
  • Tunneling a protocol which is blocked in your environment (like SSH)
Some downsides of using DNS as a communications channel are the following:
  • Slow and inefficient. DNS traffic has limited bandwidth.
  • UDP is used as the protocol for its packets
To the first point, the transfer limit is stated in RFC 1035 https://tools.ietf.org/html/rfc1035#section-4.2.1. If the packets are too big, they will be fragmented (which may tip off an admin/analyst viewing the traffic).
To the second point, UDP does not guarantee delivery of packets to the recipient like TCP does. It is a fire-and-forget protocol. This means the acknowledgment and retransmission of data which may have been dropped needs to be handled by the application (in this case the tunneling tool).
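
The limited bandwidth noted above forces a tunnel to send many queries with long, encoded-looking names, and an analyst can look for exactly that. The following is an added example, not code from this post or from any tunneling tool: it scores parent domains in a constructed query log by unique subdomain count, longest subdomain and character entropy. The log format, the thresholds and the `tunnel.test` name are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, "<client> <qtype> <qname>" (not captured traffic).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 AAAA www.example.com
10.0.0.9 TXT mzxw6ytboi2gk3tdn5sgkzbamrqxiyjamjwg6y3l.t.tunnel.test
10.0.0.9 TXT nbswy3dpeb3w64tmmqqhi2djomqgs4zameqho33s.t.tunnel.test
10.0.0.9 TXT orugs4zanfzsa5dimuqhgzldn5xgiidqmf4wy33b.t.tunnel.test
10.0.0.9 TXT mfxgiidunbuxeidqmf4wy33bmqqgm4tpnuqhi2df.t.tunnel.test
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def score_domains(log_text):
    """Group queries by parent domain and compute tunneling indicators."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        labels = fields[2].lower().rstrip(".").split(".")
        # Assumption: parent domain = last two labels (no public-suffix list).
        subs[".".join(labels[-2:])].add(".".join(labels[:-2]))
    report = {}
    for parent, names in subs.items():
        avg_entropy = sum(entropy(n) for n in names) / len(names)
        report[parent] = {"unique": len(names),
                          "longest": max(len(n) for n in names),
                          "entropy": round(avg_entropy, 2)}
    return report

def suspicious(report, min_unique=4, min_len=30, min_entropy=3.5):
    """Thresholds are illustrative assumptions; tune against a baseline."""
    return sorted(d for d, r in report.items()
                  if r["unique"] >= min_unique and r["longest"] >= min_len
                  and r["entropy"] >= min_entropy)

if __name__ == "__main__":
    rep = score_domains(SAMPLE_LOG)
    print(rep)
    print("flagged:", suspicious(rep))
```

On real resolver logs, legitimate CDNs and telemetry services also produce long random-looking names, so the flagged list is a starting point for review rather than a verdict.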

Demo and tool test

I wanted to test a tool I recently found which does exactly this (along with the use of other protocols). The tool is called XFLTReaT https://github.com/earthquake/XFLTReaT. 

What it does is 


I recorded a video on setting up the tool, running it and tunneling HTTP traffic between two Linux machines. Link to the video is below. Enjoy your tunneling!


