TCP over DNS tunnel b[l]ind written in go.

doxx/blind

B[l]ind - DNS Tunnel

A DNS tunneling tool for TCP traffic, written in Go.

Copyright (c) 2024 Barrett Lyon. All rights reserved. MIT License

Overview

Blind allows you to tunnel TCP traffic through DNS queries, enabling connectivity in restricted network environments. It consists of a client and server component that work together to establish a bidirectional communication channel using DNS protocols.

Features

  • TCP over DNS tunneling
  • Support for both client and server modes
  • Automatic session management
  • Resilient connection handling
  • Debug logging
  • Works with SSH

Installation

go install github.com/doxx/blind@latest

Or build from source:

git clone https://github.com/doxx/blind.git
cd blind
go build

Usage Examples

Basic Examples

  1. Simple SSH Tunnel:
# On DNS server (public internet)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:22

# On client machine (behind firewall)
./blind -client-listen 127.0.0.1:2222 -client-dest dns-server.com:53

# Connect via SSH
ssh -p 2222 user@127.0.0.1
  2. Debug Logging:
./blind -client-listen 127.0.0.1:2222 \
        -client-dest dns.example.com:53 \
        -debug

Advanced Examples

  1. HTTP Proxy Tunnel:
# Server side (forwarding to local HTTP proxy)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:3128 -debug

# Client side
./blind -client-listen 127.0.0.1:8080 -client-dest dns.example.com:53

# Configure browser to use 127.0.0.1:8080 as HTTP proxy
  2. Database Connection Tunnel:
# Server side (forwarding to PostgreSQL)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest db.internal:5432

# Client side
./blind -client-listen 127.0.0.1:5432 -client-dest dns.example.com:53

# Connect to database
psql -h 127.0.0.1 -p 5432 -U dbuser dbname

Systemd Service Example

Create a systemd service file for automatic startup:

# /etc/systemd/system/blind.service
[Unit]
Description=Blind DNS Tunnel Service
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/blind -server-listen 0.0.0.0:53 -server-dest 10.0.0.1:22
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable blind
sudo systemctl start blind
sudo systemctl status blind

Docker Example

FROM golang:1.21-alpine
WORKDIR /app
COPY . .
RUN go build -o blind

FROM alpine:latest
COPY --from=0 /app/blind /usr/local/bin/
EXPOSE 53/udp
ENTRYPOINT ["blind"]

Run the Docker container:

# Server mode
docker run -p 53:53/udp blind -server-listen 0.0.0.0:53 -server-dest target:22

# Client mode
docker run -p 2222:2222 blind -client-listen 0.0.0.0:2222 -client-dest dns.example.com:53
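
From the monitoring side, a tunnel like the one in the Overview tends to show up in DNS logs as one client sending many distinct, long, high-entropy names under a single parent zone. The Go program below is an added example for defenders, not part of blind's code: it counts such names per client and zone. It assumes the payload rides in the query name, as DNS tunnels usually do (blind's wire format is not described on this page); the `Query` schema, thresholds and sample records are constructed.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

type Query struct{ Client, Name string } // one DNS log record (constructed schema)

// entropy returns the Shannon entropy of s in bits per character.
func entropy(s string) (h float64) {
	freq := map[rune]float64{}
	for _, r := range s {
		freq[r]++
	}
	for _, c := range freq {
		h -= c / float64(len(s)) * math.Log2(c/float64(len(s)))
	}
	return h
}

// Scores counts, per "client zone" pair, the distinct query names whose
// subdomain part is at least minLen characters and minEnt bits per character.
func Scores(qs []Query, minLen int, minEnt float64) map[string]int {
	count, seen := map[string]int{}, map[string]bool{}
	for _, q := range qs {
		name := strings.TrimSuffix(strings.ToLower(q.Name), ".")
		l := strings.Split(name, ".")
		if len(l) < 3 || seen[q.Client+" "+name] {
			continue // no subdomain, or a repeat that a resolver cache would absorb
		}
		seen[q.Client+" "+name] = true
		if sub := strings.Join(l[:len(l)-2], "."); len(sub) >= minLen && entropy(sub) >= minEnt {
			count[q.Client+" "+strings.Join(l[len(l)-2:], ".")]++ // naive zone: last two labels
		}
	}
	return count
}

// sample builds constructed records; 10.0.0.7's long unique names stand in for tunnel payload.
func sample() (qs []Query) {
	for i := 0; i < 40; i++ {
		qs = append(qs, Query{"10.0.0.5", fmt.Sprintf("host%02d.corp.example", i)},
			Query{"10.0.0.7", fmt.Sprintf("%04x0123456789abcdef0123456789abcdef.t.example.net", i)})
	}
	return qs
}

func main() { fmt.Println(Scores(sample(), 30, 3.5)) }
```

Alert on pairs whose count sits far above the site's baseline. Because the usage examples point `-client-dest` straight at the server's port 53, outbound DNS to resolvers outside the approved set is a second signal worth logging.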

License

MIT License - See LICENSE file for details

Author

Barrett Lyon
