
Dnsteal – DNS exfiltration tool for stealthily sending files over DNS requests - dhotson
https://github.com/m57/dnsteal
======
eugenekolo2
It's a fun little program, but calling it stealthy is a reach. It seems to
just extract a bytestream from the subdomain of the domain requested. Very
easy to detect, very easy to see, and not much data can be xfered.

It's equally as "stealthy" as just sending requests to a domain you own and
logging every request. e.g. mysite.com/<bytes>

~~~
spydum
Lots of big enterprises shops monitor http traffic (proxies, transparent and
otherwise).. DNS is one of those left unmonitored usually..

~~~
eugenekolo2
I think your use of dots speaks for itself there ;). I know of several
companies that log DNS, and it wouldn't pass inspection by a human operator
which also has to be considered for something to be stealthy.

------
patrickmcmanus
more generally - ip over dns
[https://github.com/yarrick/iodine](https://github.com/yarrick/iodine)

------
efm
Be extra careful running this code, the second line contains a stack smash
attempt.

~~~
eugenekolo2
It's NOP in x86 asm and the guy's handle.
[https://twitter.com/_x90__](https://twitter.com/_x90__)

Or what is the second line to you?

~~~
efm
Thanks.

