2

I recently had a meeting with a security researcher who told me about tunnelling over a captive portal using DNS.

I have done some research into this, but I was wondering: what is the simplest way to do this using a Linux/Unix system, and what prerequisites do I need? Am I to assume I need an endpoint to tunnel to?

Neil Smithline
TheHidden

1 Answer

4

There are various easy-to-find solutions for DNS tunnels, so it does not make sense to describe specific solutions in detail.

But this does not mean that these solutions will work with captive portals. These work only for captive portals which let DNS traffic pass and only redirect traffic to port 80 to the portal until the system is authorized. But there are other captive portals which instead reply to the DNS questions themselves in order to direct the user to the portal. These will not work with DNS tunnels.

Apart from that, some tunnel solutions need TXT records to pass the data, but some portals will only pass DNS questions for address records.

Steffen Ullrich
  • Could I in theory overcome this by setting my own DNS on my local machine? – TheHidden Feb 25 '16 at 16:17
  • @silverpenguin: No, this will not help. – Steffen Ullrich Feb 25 '16 at 16:18
  • Didn't think it would, but was worth a thought I guess. – TheHidden Feb 25 '16 at 16:20
  • I would like to add that if port 53 is filtered, but there is a resolver available (which it usually is), chances are that you can use this to forward your DNS requests. But this relies on the queries not being altered (i.e. to redirect users to the captive portal login page) – Dog eat cat world Feb 25 '16 at 16:36
  • @Dogeatcatworld: that's what I mean - there are captive portals which pass through the requests (does not matter much if packet forwarding or DNS forwarding) and others which either block TXT or answer the requests themselves with the address of the captive portal. – Steffen Ullrich Feb 25 '16 at 17:35
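
For portal operators, the three behaviours described in the answer (pass all DNS, pass only address records, answer every question locally) can be modelled as a pre-authorization policy over the DNS question. The following is an added example, not part of the answer or comments; the mode names, `PORTAL_IP`, the helper functions, the refusal of non-A queries in `answer_locally` mode, and the sample queries are assumptions constructed for illustration.

```python
import struct

QTYPE_A, QTYPE_TXT, QTYPE_AAAA = 1, 16, 28   # RFC 1035 / RFC 3596 type codes
PORTAL_IP = "192.0.2.1"                      # assumed portal address (documentation range)

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query (constructed sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) of the single question, or raise ValueError."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("short header or unexpected question count")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):   # no pointers expected here
            raise ValueError("bad label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels).lower(), qtype

def preauth_decision(packet, mode):
    """Decide what the portal does with a DNS query from an unauthorized client."""
    try:
        qname, qtype = parse_question(packet)
    except ValueError:
        return ("drop", None)
    if mode == "forward_all":        # portal only redirects port 80; DNS passes
        return ("forward", qname)
    if mode == "address_only":       # TXT and other types never leave the network
        return ("forward", qname) if qtype in (QTYPE_A, QTYPE_AAAA) else ("refuse", qname)
    if mode == "answer_locally":     # portal answers itself; nothing is forwarded
        return ("answer", PORTAL_IP) if qtype == QTYPE_A else ("refuse", qname)
    raise ValueError("unknown mode")
```

Of the three modes, only `answer_locally` keeps every query from an unauthorized client inside the network; `address_only` still forwards A and AAAA lookups upstream.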