B[l]ind - DNS Tunnel

A DNS tunneling tool for TCP traffic, written in Go.

Copyright (c) 2024 Barrett Lyon. All rights reserved. MIT License

Overview

Blind allows you to tunnel TCP traffic through DNS queries, enabling connectivity in restricted network environments. It consists of a client and server component that work together to establish a bidirectional communication channel using DNS protocols.

Features

  • TCP over DNS tunneling
  • Support for both client and server modes
  • Automatic session management
  • Resilient connection handling
  • Debug logging
  • Works with ssh

Installation

go install github.com/doxx/blind@latest

Or build from source:

git clone https://github.com/doxx/blind.git
cd blind
go build

Usage Examples

Basic Examples

  1. Simple SSH Tunnel:
# On DNS server (public internet)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:22

# On client machine (behind firewall)
./blind -client-listen 127.0.0.1:2222 -client-dest dns-server.com:53

# Connect via SSH
ssh -p 2222 <user>@127.0.0.1

  2. Debug Logging:
./blind -client-listen 127.0.0.1:2222 \
        -client-dest dns.example.com:53 \
        -debug

Advanced Examples

  1. HTTP Proxy Tunnel:
# Server side (forwarding to local HTTP proxy)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:3128 -debug

# Client side
./blind -client-listen 127.0.0.1:8080 -client-dest dns.example.com:53

# Configure browser to use 127.0.0.1:8080 as HTTP proxy

  2. Database Connection Tunnel:
# Server side (forwarding to PostgreSQL)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest db.internal:5432

# Client side
./blind -client-listen 127.0.0.1:5432 -client-dest dns.example.com:53

# Connect to database
psql -h 127.0.0.1 -p 5432 -U dbuser dbname

Systemd Service Example

Create a systemd service file for automatic startup:

# /etc/systemd/system/blind.service
[Unit]
Description=Blind DNS Tunnel Service
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/blind -server-listen 0.0.0.0:53 -server-dest 10.0.0.1:22
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable blind
sudo systemctl start blind
sudo systemctl status blind
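
The unit above runs the tunnel server as root. The variant below is an added example, not the project's own unit file: it keeps the same ExecStart but drops root, on the assumptions that blind needs privilege only to bind port 53, writes nothing to disk, and opens only IP sockets.

```ini
# /etc/systemd/system/blind.service (hardened variant, added example)
[Unit]
Description=Blind DNS Tunnel Service
After=network.target

[Service]
Type=simple
# Replace User=root with a transient unprivileged user.
DynamicUser=yes
# Assumption: binding port 53 is the only privileged operation blind performs.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
# Assumption: blind writes no files, so the filesystem can be read-only for it.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Assumption: only IP sockets are needed (DNS on :53 in, TCP to -server-dest out).
RestrictAddressFamilies=AF_INET AF_INET6
ExecStart=/usr/local/bin/blind -server-listen 0.0.0.0:53 -server-dest 10.0.0.1:22
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```

After `sudo systemctl daemon-reload` and a restart, `systemd-analyze security blind` reports the remaining exposure of the unit; if the service fails to start, relax the directive named in the journal rather than reverting to User=root.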

Docker Example

FROM golang:1.21-alpine
WORKDIR /app
COPY . .
RUN go build -o blind

FROM alpine:latest
COPY --from=0 /app/blind /usr/local/bin/
EXPOSE 53/udp
ENTRYPOINT ["blind"]

Run the Docker container:

# Server mode
docker run -p 53:53/udp blind -server-listen 0.0.0.0:53 -server-dest target:22

# Client mode
docker run -p 2222:2222 blind -client-listen 0.0.0.0:2222 -client-dest dns.example.com:53

License

MIT License - See LICENSE file for details

Author

Barrett Lyon