[Notes] iodine study notes

Preface

This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. (GitHub)

Prerequisites

  • A domain name
  • A server with a public IP address

Download the project

    git clone https://github.com/yarrick/iodine.git
    cd iodine

Build the project

    make

Add records in the DNS console

  • Add an A record pointing to the IP address of the CobaltStrike server
  • Add two NS records, ns1 and ns2, pointing to the hostname of the A record above

Creating only one NS record also works.

Start the server

192.168.0.1: pick any subnet that is not already in use and choose one address in it as the tunnel IP of this host
<domain>: the domain name of the NS record
-P <password>: set the password

    ./iodined -f 192.168.0.1 <domain> -P <password>

    Opened dns0
    Setting IP of dns0 to 192.168.0.1
    Setting MTU of dns0 to 1130
    Opened IPv4 UDP socket
    Opened IPv6 UDP socket
    Listening to dns for domain <domain>

  • The server listens for UDP connections on port 53
  • A new virtual network interface appears on the server

Connect the client to the server

<ip_remote>: the public IP address of the server
<domain>: the domain name of the NS record

    ./iodine -f -r <ip_remote> <domain> -P <password>

    Opened dns0
    Opened IPv4 UDP socket
    Sending DNS queries for <domain> to <ip_remote>
    Autodetecting DNS query type (use -T to override).
    Using DNS type NULL queries
    Version ok, both using protocol v 0x00000502. You are user #0
    Setting IP of dns0 to 192.168.0.2
    Setting MTU of dns0 to 1130
    Server tunnel IP is 192.168.0.1
    Skipping raw mode
    Using EDNS0 extension
    Switching upstream to codec Base128
    Server switched upstream to codec Base128
    No alternative downstream codec available, using default (Raw)
    Switching to lazy mode for low-latency
    Server switched to lazy mode
    Autoprobing max downstream fragment size... (skip with -m fragsize)
    768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. 1176 ok.. 1188 ok.. will use 1188-2=1186
    Setting downstream fragment size to max 1186...
    Connection setup complete, transmitting data.
  • After the connection succeeds, the client also gets a virtual network interface that has established a TCP connection with the server; from this point the client can reach the server directly through the tunnel

    ping 192.168.0.1
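A defender-side check to go with the client output above, added here as an example and not part of the original post or the iodine project: it parses a few constructed DNS query log lines (format assumed: timestamp, client IP, qtype, qname) and flags zones whose traffic shows the traits visible in the iodine handshake, namely NULL-type queries, a near-unique name for every query, and long encoded labels under one delegated domain.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post). Assumed format:
# "<timestamp> <client-ip> <qtype> <qname>", one query per line.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 AAAA www.example.com
2024-05-01T10:00:03Z 10.0.0.7 NULL 0ja9fx1kz8vq3pm2lw7yhd5c4brntu6es1gkfmzxo.t1.example.net
2024-05-01T10:00:03Z 10.0.0.7 NULL 1kb8gy2lz9wr4qn3mx8zie6d5csout7ft2hlgnayp.t1.example.net
2024-05-01T10:00:04Z 10.0.0.7 NULL 2lc7hz3ma0xs5ro4ny9ajf7e6dtpvu8gu3imhobzq.t1.example.net
2024-05-01T10:00:04Z 10.0.0.7 NULL 3md6ia4nb1yt6sp5oz0bkg8f7eurwv9hv4jnipcar.t1.example.net
2024-05-01T10:00:05Z 10.0.0.5 A mail.example.com
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.rstrip(".").lower()}

def zone_of(qname, depth=2):
    """Group by the last `depth` labels; the NS-delegated tunnel domain in the post sits below this."""
    labels = qname.split(".")
    return ".".join(labels[-depth:]) if len(labels) >= depth else qname

def score_zones(lines, min_queries=3):
    """Aggregate queries per zone and return the zones that look like a DNS tunnel, with reasons."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(), "null": 0, "len_sum": 0, "clients": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[zone_of(rec["qname"])]
        s["queries"] += 1
        s["unique"].add(rec["qname"])
        s["len_sum"] += len(rec["qname"])
        s["clients"].add(rec["client"])
        if rec["qtype"] == "NULL":           # iodine autodetected NULL queries above
            s["null"] += 1
    findings = {}
    for zone, s in stats.items():
        if s["queries"] < min_queries:     # too little data to judge
            continue
        reasons = []
        if s["null"] / s["queries"] >= 0.5:
            reasons.append("NULL qtype")
        if len(s["unique"]) / s["queries"] >= 0.9:   # every query carries fresh encoded data
            reasons.append("unique subdomains")
        if s["len_sum"] / s["queries"] >= 50:        # Base128-style payload makes long names
            reasons.append("long qnames")
        if reasons:
            findings[zone] = {"reasons": reasons, "queries": s["queries"], "clients": sorted(s["clients"])}
    return findings
```

The thresholds are assumptions chosen for the constructed sample; tune them against a baseline of the resolver's normal traffic before alerting on them.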

Done