a proof of concept for exfiltrating files over dns using a custom client and server. the client encodes and transmits file content via dns queries, while the server decodes and reconstructs the files.
Figure: Diagram explaining DNS Tunneling – a method of bypassing network restrictions by encapsulating data within DNS queries and responses.
tested on linux; some features are currently linux-specific. cross-platform support and a better client build process are in progress.
- base32-encoded payloads embedded in dns queries
- chunked file transmission with ordered reconstruction
- server-side reconstruction triggered by control message (`!rebuild!`)
- supports exfiltration of multiple files per session
- works across platforms (linux, macos, windows)
.
├── client.py # sends file chunks over dns
├── server.py # receives and reconstructs files
├── dumped_data/ # output directory for reconstructed files
├── testing_data/ # example input files to test exfiltration
└── readme.md
- the client reads and base64-encodes a file.
- the payload is chunked and formatted as:
filename|--chunk_index|--chunk_data
- each chunk is base32-encoded and sent via a dns a record query.
- the server listens on port 53, parses incoming queries, and writes chunk data.
- once the `!rebuild!` control message is received, the server reconstructs the file.
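
The chunk layout and control message described above give defenders a decodable signature. The detection sketch below is an added example, not part of this project's code: it scans (client ip, query name) pairs, as a resolver log would provide, and flags names whose leading labels base32-decode to that layout. Assumptions: the base32 text fills the leftmost labels (padding optional) and the control message is base32-encoded like a chunk; `exfil.example`, the sample addresses and all function names are constructed.

```python
import base64
import re

CHUNK_RE = re.compile(rb"^([^|]+)\|--(\d+)\|--(.*)$", re.S)  # filename|--chunk_index|--chunk_data
CONTROL = b"!rebuild!"  # control message named in the README

def b32_loose(text):
    """Decode base32 that may be lower-cased or missing its '=' padding."""
    text = text.upper().rstrip("=")
    try:
        return base64.b32decode(text + "=" * (-len(text) % 8))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None  # not base32; ordinary hostnames usually land here

def classify_qname(qname):
    """Return ('chunk', filename, index), ('control',) or None for one query name."""
    labels = qname.rstrip(".").split(".")  # assumption: leftmost labels carry the base32 text
    for n in range(1, len(labels) + 1):
        raw = b32_loose("".join(labels[:n]))
        if raw == CONTROL:
            return ("control",)
        m = CHUNK_RE.match(raw) if raw else None
        if m:
            return ("chunk", m.group(1).decode(errors="replace"), int(m.group(2)))
    return None

def scan(queries):
    """Group hits per client ip: chunk indexes per file, and whether rebuild was seen."""
    findings = {}
    for src, qname in queries:
        hit = classify_qname(qname)
        if hit:
            entry = findings.setdefault(src, {"files": {}, "rebuild": False})
            if hit[0] == "control":
                entry["rebuild"] = True
            else:
                entry["files"].setdefault(hit[1], []).append(hit[2])
    return findings

def _enc(payload):  # helper used only to build the constructed sample below
    return base64.b32encode(payload).decode().rstrip("=").lower()

# Constructed sample; 192.0.2.0/24 and exfil.example are placeholders.
SAMPLE = [
    ("192.0.2.10", "www.example.com"),
    ("192.0.2.10", _enc(b"notes.txt|--0|--aGVsbG8g") + ".exfil.example"),
    ("192.0.2.10", _enc(b"notes.txt|--1|--d29ybGQ=") + ".exfil.example"),
    ("192.0.2.10", _enc(b"!rebuild!") + ".exfil.example"),
]
```

`scan(SAMPLE)` reports one client with chunks 0 and 1 of `notes.txt` followed by the rebuild message; gaps or a long run of indexes for one file name are what an analyst would triage first.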
sudo python3 server.py
edit `client.py` to set:
- `dns_server`: ip of the server
- `search_dir`: directory to search for files
- `exts`: file extensions to include
then run:
python3 client.py
- python 3.6+
- no external libraries required
- this tool is for educational purposes only.
- do not use in unauthorized environments.
- exfiltration is detectable by network monitoring tools.
- enhance file discovery process
- add client build process for easier distribution (pyinstaller)
- add encryption (aes-256) to payloads
- implement optional response validation from server
- support dynamic domain generation (ddg)
- add gui to client or possibility to run in background !!!!! :(