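Dns2tcp is a network tool that relays TCP connections through DNS traffic. Encapsulation is done at the TCP level, so no specific driver (i.e. TUN/TAP) is needed. The dns2tcp client does not need to run with specific privileges.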


dns2tcpd - dns2tcp server component
:~# dns2tcpd
Usage : dns2tcpd [ -i IP ] [ -F ] [ -d debug_level ] [ -f config-file ] [ -p pidfile ]
     -F : dns2tcpd will run in foreground

dns2tcpc - dns2tcp client component

:~# dns2tcpc
No DNS given, using (first entry found in resolv.conf)
Missing parameter : need a dns zone
dns2tcp v0.5.2 ( http://www.hsc.fr/ )
Usage : dns2tcpc [options] [server]
    -c          : enable compression
    -z <domain> : domain to use (mandatory)
    -d <1|2|3>  : debug_level (1, 2 or 3)
    -r <resource>   : resource to access
    -k <key>    : pre-shared key
    -f <filename>   : configuration file
    -l <port|-> : local port to bind, '-' is for stdin (mandatory if resource defined without program )
    -e <program>    : program to execute
    -t <delay>  : max DNS server's answer delay in seconds (default is 3)
    -T <TXT|KEY>    : DNS request type (default is TXT)
    server  : DNS server to use
    If no resources are specified, available resources will be printed


:~# cat >>.dns2tcpdrc <<END
listen =
port = 53
chroot = /root/dns2tcp
pid_file = /var/run/dns2tcp.pid
domain = dns2tcp.kali.org
key = secretkey
resources = ssh:
:~# dns2tcpd -f .dns2tcpdrc
:~# cat >>.dns2tcprc <<END
domain = dns2tcp.kali.org
resource = ssh
local_port = 2139
key = secretkey
:~# dns2tcpc -f .dns2tcprc
-p 2139 -D 8090
The authenticity of host '[localhost]:2139 ([]:2139)' can't be established.
ECDSA key fingerprint is aa:bb:1f:cc:f1:ab:7c:71:9b:62:37:8c:f1:60:2e:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2139' (ECDSA) to the list of known hosts.
's password:
Linux flw 3.12-kali1-amd64 #1 SMP Debian 3.12.6-2kali1 (2014-01-06) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue May  6 22:54:15 2014 from beast.fritz.box
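2139 -D 8090) to connect to the remote box. Remember to use the username of the remote box (lab.kali.org), because the connection goes to port 2139 (-p 2139). Traffic to this port is tunneled through DNS (because the dns2tcp client listens on this port) to the remote server (where your dns2tcp server waits for inbound connections on port 53). While connected to the remote machine via ssh, you also create an additional listener with your ssh command (-D 8090). This port can be used as a SOCKS proxy, and its traffic will also be tunneled to the remote box.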
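
For defenders, the tunnel described above leaves a recognizable pattern in resolver logs: one client sending many distinct TXT or KEY queries under a single zone. The following is an added example, not part of the original page or of dns2tcp; it assumes the tunneled payload appears as long, high-entropy leftmost labels, and the log format, thresholds and function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

BLOB = "q1Zx8Lm2Nc7Vb4Kj9Hg3Fd6Sa5Po0IuYtReW"  # constructed stand-in for an encoded payload label
# Constructed resolver log, one query per line: "<client> <qtype> <qname>" (format is an assumption).
SAMPLE_LOG = "\n".join(
    ["10.0.0.5 A www.example.com", "10.0.0.5 TXT example.com"]
    + ["10.0.0.7 TXT _dmarc.example.com"] * 5
    + [f"10.0.0.9 TXT {BLOB[i:] + BLOB[:i]}.dns2tcp.kali.org" for i in range(6)]
)

def shannon_entropy(text):
    """Bits per character of `text`."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_tunnel_candidates(log_text, min_queries=5, min_avg_len=30, min_entropy=3.5):
    """Return [(client, zone, query_count)] for TXT/KEY traffic that looks like a tunnel."""
    groups = defaultdict(list)  # (client, parent zone) -> leftmost labels seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() not in ("TXT", "KEY"):
            continue  # only the two request types dns2tcpc offers (-T)
        client, _, qname = parts
        # Assumption: the payload is carried in the leftmost label of the name.
        label, _, zone = qname.rstrip(".").partition(".")
        if zone:
            groups[(client, zone.lower())].append(label)
    hits = []
    for (client, zone), labels in groups.items():
        if len(labels) < min_queries:
            continue
        unique_ratio = len(set(labels)) / len(labels)
        avg_len = sum(map(len, labels)) / len(labels)
        avg_entropy = sum(map(shannon_entropy, labels)) / len(labels)
        # Tunnels produce many distinct, long, high-entropy names; repeated
        # policy lookups such as _dmarc do not.
        if unique_ratio > 0.9 and avg_len >= min_avg_len and avg_entropy >= min_entropy:
            hits.append((client, zone, len(labels)))
    return sorted(hits)

if __name__ == "__main__":
    for client, zone, count in find_tunnel_candidates(SAMPLE_LOG):
        print(f"{client} -> {zone}: {count} suspicious TXT/KEY queries")
```

The thresholds need tuning against a baseline of normal TXT traffic on the network being monitored before the output is used for alerting.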