TCP over DNS

December 11, 2014

I always found it annoying that you couldn't use the WiFi on planes for free. It turns out that they allow DNS traffic through (e.g. the domain you're trying to visit gets resolved to an IP address). So you can piggyback TCP off this DNS traffic and get free internet on planes. All you nede is a server (on the ground, with a static IP, always connected to the internet that you can tunnel to).

read more Note: after revisiting this 6/24/22, here were the commands that worked. This is kind of specific to my config, but should be pretty easily generalizable. The other guides tended to overexplain.


# setup the DNS config
(NS) tunnel.joepucc.io nameserver.joepucc.io.
(A) nameserver.joepucc.io 67.205.175.57

# you'll want to enable port 53 communication on the server
sudo ufw allow 53 

# check with 
sudo ufw status

# check it with 
https://code.kryo.se/iodine/check-it/

# install iodine on client and server-
# download from here: https://github.com/yarrick/iodine
# may need the following on the server
sudo apt install zip
unzip [zip file]

# on client and server cd into fold run
run make install

# then on server run
sudo /usr/sbin/iodined -f -P -c [a password] 10.0.0.10 tunnel.joepucc.io

# on client run 
sudo /usr/local/sbin/iodine -f -P [same password] tunnel.joepucc.io
ssh -ND 1080 [username on server]@10.0.0.10

# to test, on client run (IP that comes back should be that of your server)
curl -x socks5h://127.0.0.1:1080 http://httpbin.org/ip

# which you can get (necessarily because DNS traffic works) with
dig joepucc.io

# tor it seems might be the best browser to use, setup the proxy settings there. 
# was having trouble with firefox and chrome with connections timing out. 
# you can use https://tlk.io to create a lightweight chatroom and have the other person join
# before getting on the plane

# A more rudimentary approach to talk to one person, say a loved one, is to use netcat
# I believe this approach would work. Instead of running ssh -ND 1080 [username on server]@10.0.0.10
# you should run
ssh -D 1080 [username on server]@10.0.0.10

# which should give you SSH access to your server
# then you should install netcat
sudo apt-get -y install netcat

# on the person you want to talk to, install netcat 
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile
brew install netcat

# on the server run 
nc -l -k -p 8080

# on the client run 
nc joepucc.io 8080

# then start typing to each other

Original notes below:

Resources and Instructions

Guide Link: http://mmaton.com/2013/01/dns-tunnelling-made-simple/

Server side notes:

Should need to point the domain to the server.

iodined -f -c -P [redacted] 10.0.0.1 tunnel.needtowrite.com

tcp-dns.sh

#one step necessary for server: 
#just need to run iodined -f -c -P [redacted] 10.0.0.1 tunnel.needtowrite.com

#four steps necessary for clients:

#1. Install Iodine (first time only)
#To install Iodine, you just run 'apt-get install iodine'. You'll need a real 
#TCP (internet) connection in order for this to work. 

#2. Start Iodine 
#Just run the command below
sudo iodine -f -P [redacted] tunnel.needtowrite.com

#3. Do some redirection shit/SSH tunnel/magic. 
#Just run the command below
sudo ssh -D 1080 -f -C -q -N root@10.0.0.1 -p 22
#preferably, exclude -f and -q. If you run into trouble with the host key
#and you're in a VM and can't get to the root folder to 
#delete the key, do sudo -i, then try getting to the hosts file. 

#4. Configure Firefox to direct all traffic through Iodine
#Open Firefox, go to the URL bar and type "about:config", 
#then proceed through the warning. Then search for the following 
#settings (left column) and change the value (right column) 
#to what's listed. 

# network.proxy.socks				127.0.0.1
# network.proxy.socks_port			1080
# network.proxy.socks_remote_dns	true
# network.proxy.socks_version		5
# network.proxy.type				1


#Now just try to load Google.com in Firefox!!!