Build a Multi-Protocol Tunneling Tool in Java

Welcome back to LSB, hackers and developers alike. Today we show how we built a multi-protocol tunneling tool that allows you create encrypted tunnels to a remote server which then forwards your requests to the internet. This helps you to bypass certain captive portals that hotels or bars may use for authentication.

For this project we aim to create a multi-protocol tunnelling tool which will allow us to easily run multiple tunnelling tools conveniently within a simple graphical user interface. While there are many tools available out there to tunnel different protocols they are all implemented in different ways which can require a lot of research on each tool and a lot of trial and error to get them operating

In order to achieve our goal we intend to set up a server to act as a proxy for a client. This proxy will act as a middle man to receive requests from the client and send them on, on behalf of the client. These requests from the client will be packaged inside the slack space of other protocols such as DNS, ICMP or TCP.

$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!

As well as this, we intend to register a domain name which in turn will point to our server. The reason we would like to register our domain name is for the convenience of not having to type in our external IP address repeatedly during the testing phase.

While testing these tunnelling tools we plan to test them against different captive portals that are used in the real world. Different places could include hotel lobbies or internet café’s. We also have an O2 dongle which we will use to test to see if any of the tunnelling tools can bypass the firewall rules of the O2 dongle with expired credit.

Here is a little video of the finished article and this is what we will be building in this blog post (apologies for the music).

What is Tunneling?


The term tunneling is self explanatory. Think of the Channel Tunnel where you can get traffic flowing from one end of the tunnel to the other. This traffic can traverse the tunnel without getting intercepted by anything outside the tunnel. The tunnel protects the vehicles inside from being washed away by the sea (The Internet).

Tunneling on a network works in a similar way, where the logical tunnel is the encryption algorithm in use. The information traversing the network is in turn protected from eavesdroppers as to them the data would be illegible.

Protocol tunnelling, while still technically being a tunnel, differs from our Channel Tunnel example. Imagine we were smugglers and we wanted to transport oranges dressed as apples through the tunnel. Protocol tunnelling would involve disguising one protocol (apples) within the slack space of another protocol (oranges) and fooling the firewall into letting the packets through. We are not hiding packets, we are simply disguising them within a different protocol. Depending on the tool used, the data may not necessarily be encrypted from end to end and may be vulnerable to outside interference.

How Protocol tunnelling is Implemented

Protocol tunnelling is implemented in a client/server environment. The server is set to listen on a particular port/protocol and is now ready to receive requests from the client. An example would be a HTTP request from the client through DNS.

The client wishes to browse to a particular website and makes a standard HTTP request. This request is then encapsulated within a DNS request packet. The DNS request packet is then sent to the server where it is unencapsulates to reveal the original HTTP request. The server then makes the HTTP request on behalf of the client, and returns the HTTP response within the DNS response packet. The client receives the DNS packet containing the HTTP response, unencapsulates it, and is then able to display the web content in their browser.

ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!

To enable us to replicate different methods of protocol tunnelling the requirements are

  • Server running a Linux operating system
  • Client running a Linux distribution (Preferably Kali)
  • Domain Name (optional)
  • Static External IP address (Recommended)

Server Installation

Our server of choice is Ubuntu Server 12.04. The machine we are running it on is a Toshiba Satellite with a Cetrino Duo processor and 2GB of ram which will be sufficient to get us up and running. We discussed what host-name to use for our server as this will be how our server is identified to the local network. We went with ubuntu for now, if this is an issue we can easilly change it at a later date.

One sudo user has been set up called aryan. Aryan has root privileges, meaning that the user can run sudo commands using their predefined passwords. One user account was required to continue the installation. The base system is then installed which took about 20 minutes to do.

Automatic updates were not chosen as we feel you have more control using manual updates. So for example, if someone is using the server at the same time as automatic updates are installing, this may disrupt the users work.

The next option asks us what way we want to tune the system to suit our needs, we chose to install the following :

OpenSSH server

OpenSSH server is open source software that enables the user to create an encrypted channel to access the servers terminal, remotely. It encrypts all data (passwords) unlike telnet,ftp and rlogin. It uses the aes256 algorithm and HMAC for encryption by default. This prevents eavesdroppers from obtaining any readable data. OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. We aim to do all server configuration through SSH.

DNS Server:

We made sure that DNS server was not installed as this would tie up port 53, which is required for a number of differant DNS tunneling tools.

Kali Installation

Step 1:

The latest official Kali instalation disk can be downloaded in ISO format from http://docs.kali.org/downloading/download-official-kali-linux-images

Step 2:

You can either burn this to disk or install it on a Virtual machine. If you do burn it to disk, make sure that your bios is set to boot from CD for installation purposes.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Step 3:

The set-up is a matter of following a step by step guide with the defaults. After a reboot, Kali should now be installed, either side by side with your Windows (depending on type of install) installation or as a standalone operating system.

Domain Name Registry

In order to use some of the tunnelling tools built into Kali we were required to register a domain name for our server, to make connections to the server more convenient. We used our team members details to register madit.ie. We choose this name as MAD is a pseudonym of the team members first names.

In order to bind this domain name to our server, we enter the external IP address of the router connected to the server on the local network. The A type returns a 32 bit IPv4 address which is used to match host names to an IP address.

Our ISP is Éircom and research has shown us that the external IP address is prone to change, on router reboots for example. Having contacted Éircom about a static IP address they informed us that they provided this as a service (which costs money). The IP doesn’t change frequently, so should not be an issue for us.

The site can be accessed here www.madit.ie . We have opted for a simple web interface as this is not essential for our needs at time of writing.

Post Server Installation

We updated our system using apt-get update and upgrade. This internet connection was achieved through DHCP, but this is not convenient in our scenario as we require a static IP for our server on the local network. Otherwise the IP of the server may keep changing. To find out where the server is on the network, a quick Nmap scan on 192.168.1.0/24 revealed the server to be located at 192.168.1.5.

With this information we can now log on to the server on the local network using SSH and the username created upon server installation.

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!    $299 now!!

Now that we are logged into the server via SSH the first order of buisness is to set the server IP address to a static IP so we dont have to keep looking for it everytime we want to login. This was done by editing the interfaces file using the command sudo nano /etc/network/interfaces. As illustration 6 shows, the IP of choice was 192.168.1.50. Googles DNS was choosen for convience.

The next step was to log in to the local router to enable port forwarding for a number of differant ports that we may use at a later time. Ports that came to mind were SSH, port 22 and HTTP, port 80. We then used the external IP address to test SSH logins from a remote location and this proved successful.

Users were then added on the server, the users added were user1 and user2. This was done using the command sudo adduser user1. We are then prompted for the passsword, followed by optional, additional information, as shown in illustration 7.

During the server installation we opted to also install the apache web service, more out of curiousity than neccessity, for this project. We created a simple index.html page in the /var/www directory, which is default for apache and now available from www.madit.ie.

After some online research we happened to stumble upon a useful utility for system administration,

called webmin, which allows the users to configure the server using a web interface on HTTPS port 10000. This is a more convenient way to allow us to control our server from remote locations.

Denyhosts was also installed to automate the authentication logs, this was due to the fact that when the authentication log files were checked, we noticed a number of failed login attempts to our root account.

Upon further investagation we found that these login attempts originated from China , based on IP addresses. Although attempts to login as root were not of any use due to the fact that Ubuntu, by default, does not have the root account enabled, we still decided that it would be safer to have denyhosts enabled.

Denyhosts was installed to regulate the login attempts on the server and to filter out repeated login attempts. This is done by parsing the authentication logs in the directory /var/log/. It accesses them in order to add rules to the hosts.deny file, located in the /etc/ directory, based on failed logins.

$299 WILL ENROLL YOU IN OUR SELF PACED COURSE – LFS205 – ADMINISTERING LINUX ON AZURE!

A useful feature of webmin is the ability to view running processes on the server which allows us to kill any processes that are not been utilised or may occupy a port required for another service.

Protocols Explored

Internet Protocol (IP)

The IP protocol is used to transport packets, also called datagrams, across the wide area network. It is normally used in conjunction with a higher level transport protocol, such as the Transmission Control Protocol (TCP). It allows us to address a packet and locate its source and destination based on the IP address. There are two major versions of this addressing scheme known as IPv4 and the newer, Ipv6.

IP version 4 is a 32 bit, four octet addressing scheme that assigns a number in each octet between 0 and 255. This gives a theoretical maximum number of 4,288,250,625 address spacing and this is rapidly running out.

IP version 6 is a new 128 bit, eight blocks of 16 bits as an addressing scheme, which theoretically gives us a maximum of 3.4 * 10^38 addresses.

Domain Name System (DNS)

The DNS protocol is made up of different types of DNS messages. These messages are dealt with according to the information contained within various fields. DNS falls into three message type categories: queries, responses and updates.

Message types

Queries

A query is sent to a domain name server upon which the server resolves a domain/ host name into an IP address. So for example, in our case, if a client wanted to view the website www.madit.ie, the domain name server would send out a standard query asking who madit.ie is.

Responses

The server, which is googles DNS at 8.8.8.8, responds to our query with the IP address of **.**.**.**, which is stored on googles domain name server that corresponds to the external IP of our server, provided by our ISP.

Updates

A DNS update is used to update the IP addresses of dynamic DNS host names. Firstly the DNS server detects the IP change and performs the update. If for example the IP address of http://www.madit.ie was changed by the ISP, the users browser would render this change using the DNS update automatically.

User Datagram Protocol (UDP)

User Datagram Protocol is a message based protocol that uses a best effort approach when dealing with packets. It contains an 8 byte header and is connectionless, meaning a connection does not have to be established before sending out data. UDP has more control over when data is sent out because, unlike TCP, UDP doesn’t use a congestion control mechanism, so data can be sent out regardless. Due to data corruption being common during data transfer, UDP has a primitive error detection mechanism.

The checksum is 16 bits long and not very reliable. When an error is detected, UDP does not compensate for the loss of the packet. Every packet is only sent out once, so, if it is lost in transmission, its gone.

UDP does not guarantee in-order packet delivery, therefore the packets may not arrive in the order that they were sent. There is no congestion control associated with UDP, therefore, even on a very busy network the packet will be sent out anyway. UDP may be lightweight but it is not very reliable.

Transport Control Protocol (TCP )

The Transport Control Protocol is a set of rules used in conjunction with IP to transmit data between devices across the internet. It generates a packet with a set of rules and hands the packet on to IP, to be transported across the internet.

TCP is a connection based protocol, meaning that it’s connection must be made between the two end devices using a three way handshake. Firstly, device A sends a SYN (Synchronize) request packet to request a connection to device B. Device B will respond with an SYN-ACK if they wish to make the connection with device A. Device A then sends an ACK to acknowledge the connection, completing the three way handshake.

BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!

Each packet is individually numbered so that it can be identified when it is received and the sender can then be sent an acknowledgement that it has been received. This also allows for retransmission of packets that have not been received, or have been dropped.

The way these packets are numbered signifies to TCP the order in which they should arrive. TCP also uses congestion control to delay transmissions on the network, if it is congested. It eases the pressure on the networks and helps prevent packet loss. TCP enforces a small change regarding error detection. The checksum is now mandatory for IP version 4 and 6. The checksum is a count of the number of bits in the packet so that the receiver can verify the same number of bits have arrived, therefore insuring the integrity of the packet.

Some disadvantages of TCP are:

  • The header is larger than a UDP packet
  • Data may not be sent out immediately due to congestion control, if you think of a voice over IP chat, if this was running in TCP the congestion control system may cause latency during the conversation
  • Bigger overhead because of retransmissions, acknowledgements, checksums and packet numbering. While these are advantages of data integrity, it reduces the speed of data transmission.

Onion Routing

The Onion Router networking protocol, used on the internet, is designed to relay the data across the network in an anonomous way. When using the Tor software foe example the user makes it difficult, or even impossible, for anyone to track your online activity. They will not be able to tell even what country you’re in. They will not be able to locate your IP address because when you enter the Tor network, unlike a normal Internet connection, Tor strips off part of the packet’s header. This is the part of the packet that uses addressing information and could be used to learn information about the user. For example, the operating system that they are using or internet browser. When this is done, Tor then encrypts the rest of the addressing information known as the packet wrapper.

Socks

SOCKS (Socket Secure) is a network protocol to communicate with internet servers through a firewall. While socks version 4 uses TCP, the newer version 5 supports both TCP and UDP. Socks runs in a Server/ Client environment. The client must have SOCKS installed in either an application such Iceweasel or Chrome, or in the TCP/ IP stack where the client software will redirect the packets into the SOCKS tunnel. The client then initiates a connection to the server. The SOCKS protocol allows for authentication of the requests and logs them. The SOCKS server on the other hand must act as an IP client for the connection request.

Tools Researched

DNS2tcp

Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done at the transport layer using TCP. The dns2tcp client, Kali in this case, does not need to be run with specific privileges. Dns2tcp is composed of two parts the server side(dns2tcpd) and a client-side (dns2tcpc).

The server has a list of resources specified in a configuration file. Each resource is a local or remote service listening for TCP connections. The client listens on a predefined TCP port and relays each incoming connection through DNS to the final service.

Once the server is set up and running dns2tcpd, the client can now reach out for the dns2tcp.conf file running on the server and use the predefined services to connect through DNS. This connection can then be used to relay the servers internet connection back to the client, thus being able to browse the web etc.

Step 1:

In our scenario we first have to have dnst2cp installed on the server, this was simply got from the Advanced Packaging Tool (apt) in Linux, using the command $apt-get install dns2tcp.

Step2:

The fact that our server has been set up with SSH on port 22 we can now SSH into it using the client Kali machine. After logging in as user1 we now use nano, the built in editor, to modify the dns2tcp d.conf file located in the /etc/ folder.

This is done using the command $nano /etc/dns2tcp.conf. We set the client config file to listen on all interfaces for incoming traffic, using 0.0.0.0. The port we are using for traffic transfer is 53, this is the standard port used by DNS.

The user is set to nobody so that anybody that logs on does not have any special permissions on the system. This is usually reserved by Linux for vulnerable services like HTTPD (Apache Hypertext Transfer Protocol Server). If the system is compromised it minimizes damage options for an attacker.

Chroot = /tmp is chosen as the root directory of the dns2tcp command when running.

The domain name we are using is www.madit.ie , which is the domain we registered earlier with Register365. The resources we need for this operation are the SSH and SMTP protocols that use ports 22 and 25 respectively.

Step 3:

Now that our server is set up to use SSH, we can SSH into it using the user mo, and start the dns2tcpd service running on our server listening on port 53, as we have specified in the dns2tcpd.conf file.

The running service can be verified using the command netstat -a ¦ grep domain. Illustration 19 shows us that our server is now listening on port 53 for any ip address using either UDP or TCP.

A local Nmap scan of our server reveals port 53 open and ready to send and recieve both TCP and UDP data using dns2tcp.

SPEND $199 AND ENROLL IN OUR SELF PACED CONTAINERS FUNDAMENTALS COURSE (LFS253)!

Step 4:

The first part of the command, in this case being run on a Windows machine, with the windows version of the program, using the command: dns2tcpc -z madit.ie madit.ie . This requests the dns2tcp servers dns2tcp.conf file, and returns the services available to the user.

The -z option selects the domain name to use, the first madit.ie being the host and the second being the server, using the config files on both sides. The services available can now be used to tunnel both SSH and SMTP protocols over DNS.

Step 5:

The client then issues the command dns2tcpc -z madit.ie -l 8888 -r ssh madit.ie. This command specifies the domain name to connect to and the -l represents the port to listen on while -r is the resource we want to access, in this case SSH, followed by the domain we want to SSH into.

Step 6:

Now that we have access to SSH through port 8888, we now use the command: $ssh mo@localhost -p 8888 -D 8080 , which allows use to tunnel a direct SSH connection to the server using DNS. The -D represents the socks port to set in order to use the servers connection to access HTTP resources. We now have direct access to command line of the server.

Step 7:

In order to use the internet connection we must now switch the proxy settings in our browser (Chrome) to use the localhosts (in this case the client machines) socks port to 8080.

This now gives us internet access through SSH using a DNS tunnel, as proven with a visit to IP Chicken. Our external IP address is now our proxy server . So we now have HTTP running through SSH, all using DNS.

Iodine

This is a piece of software which comes pre installed on Kali and can be downloaded from http://code.kryo.se/iodine/ for a Windows machine. It allows the user to tunnel IPv4 data through to our DNS server. This can be used like dns2tcp in different situations where internet access is fire-walled but DNS queries are allowed.

Step 1:

Much like Dns2tcp Iodine is installed on the server using the command $apt-get install iodine. To test our Iodine tunnel locally we enter the command $sudo iodined -f 10.0.0.1 test.com on our server. This sets up a seperate DNS point to point interface with an ip address of 10.0.0.1 and using a domain name, test.com. The -f keeps the command running in the foreground.

Step 2:

The client, in this case on a Windows machine, must first install a taps interface on their machine using software downloaded from https://openvpn.net/index.php/open-source/downloads.html . This OPENVPN program allows a Windows machine to set up VPN’s (Virtual Private Networks) between nodes.

This software is used to install a virtual taps interface on the client machine, allowing this interface to be used with Iodine when we connect to the server.

Step 3:

The client runs the iodine.exe file using the command iodine.exe -f -r 192.168.1.50 test.com . The IP is the servers local address. The -f keeps the program running in the foreground. We need to insert -r to skip raw UDP mode. If we do not use this option, Iodine will try to get the public IP address of the host iodined server, in this case 192.168.1.50. This happens because traffic is sent to the server directlly, instead of the DNS relay.

Step 4:

Now we have tested iodine locally, we can now use our domain name as a relaying name server.

It was required for us now to first delegate a sub domain, Tunnel1, to our DNS server. This is needed because Iodine requires an assigned domain, in our case, tunnel1.madit.ie.

We run the command $sudo iodined -fP 192.168.99.1 tunnel1.madit.ie on the server. This sets up a DNS interface at madit.ie, which is our server, and gives it an IP address of 192.168.99.1 and binds it to our sub-domain tunnel1.madit.ie.

Step 5:

On our client machine we now use both madit.ie and tunnel1.madit.ie as a relay server. The command used is $iodine -f madit.ie tunnel1.madit.ie on the client side. This sets up a DNS interface, with the IP address 192.168.99.2, that mirrors the server.

This ping suggests that there is a point-to-point tunnel between 192.168.99.1(madit.ie), the server and 192.168.99.2(tunnel1.madit.ie), the client.

This tunnelled data traffic is not encrypted at all and at this point can be easily intercepted by an attacker by listening in on the data (Man in the middle attack).

To remedy this we will use what is known as double tunnelling. This will create a VPN tunnel through our DNS tunnel using SSH and port forwarding. The port that we have forwarded for this is DNS which is directed to our server on 192.168.1.50 from our external IP **.**.**.**(madit.ie).

Step 6:

We can now SSH to the server through the DNS tunnel at 192.168.99.1 with the command $ssh mo@192.168.99.1 from the client side.

We again now have full terminal control over the server.

Step 7:

Going on a step further from this we can use the command $ssh -D 8080 mo@192.168.99.1. Like before, we again use SSH to access the server, the difference being this time, we have opened up the SOCKS host at 8080 using version 5 using the -D command.

Step 8:

We are using Kali and the default web browser for Kali is Iceweasel. So we need to configure the proxy settings in Iceweasel to use the localhost SOCKS port 8080 for HTTP access.

Now when we visit IPChicken to find out our external IP address, it returns the IP of our proxy server, which is represented by the domain name madit.ie. This was tested outside the boundaries of the local area network.

SPEND $199 AND ENROLL IN OUR SELF PACED CONTAINERS FUNDAMENTALS COURSE (LFS253)!

Netcat

Netcat was written by a guy known as The Hobbit in 1995. Netcat writes data across networks using both the UDP and TCP protocols. Netcat does not encrypt the data. The nc command was an unrecognised command on our server, so for testing purposes we set up Netcat on two Kali machines.

Step 1:

Firstly we have to tell our proxy to listen on port 8080. The local proxy server IP address is 192.168.1.3 in this case. This allows any client that connects to this port full terminal access by sending the whole shell over.

Options tested: -l listen mode for inbound connections.

-v verbose mode (Can be used twice to be more verbose.)

-p Local port number.

The command entered on the Proxy/ Server side Kali machine.: $nc -l -v -p 8080 -e /bin/bash

Step 2:

Client side Kali machine: $nc 192.168.1.3 8080

We were then able to run a remote command line on the listening machine from within the local area network locally.

Step 3:

Our next step is to try this on our server. After we attempted to run the previous commands on the server we were prompted to use net-cat-alternatives. After some online research we found that we could use $sudo update-alternatives -–config nc . This presented us with a list of binary Netcat types that we could install on the server. The option we needed to use was the nc.traditional. Once this was done the nc command was now available to us on the server. We entered $sudo nc -l -v -p 8080 to set the server listening on port 8080.

Netcat can also be used as a port scanner, which we used to check to make sure our server was actually listening on port 8080. As illustration 44 indicates port 8080 is indeed open.

Step 4:

Once Netcat is running on the server, the client can issue the $nc 192.168.1.50 8080 giving us control of our server from our client. An ls command tells us we have control of the server through Netcat.

A simple Nmap scan of the server reveals that Netcat has opened up port 8080 as a http-proxy, this should allow us to configure Iceweasels proxy settings and SOCKS ports to use Netcat’s tunnel. However this experiment did not work for us on either the SOCKS ports or the HTTP proxy settings.

Step 5:

When the connection to the server was established, we entered a simple text message on the command line, and this was sent to the server. This was all done while capturing the transmission using Wireshark.

When we follow the TCP stream in Wireshark, we can see that any commands or messages we type from the client are sent through HTTP in plain text. This was followed up with an ifconfig command to the server from the client, revealing all interface details on the server.

Step 6:

In order to get this to operate, we had to to permit our router to port forward on port 8080, or any other port that we specify.

Step 7:

Our next step was to try to access the server using a remote client connection. This time we are connecting Netcat to the server using our external IP address.

We now have a remote connection running on the server through Netcat. We can also tunnel using madit.ie in the command instead of our external IP.

Testing conclusions: While Netcat allows us to tunnel remote connections between two machines, it is not secure, as it sends all transmissions in plain text. Netcat also didn’t seem to allow us to use the SOCKS port 8888 or 8080 for internet access, even though we were able to get command line access.

Cryptcat

Cryptcat is one of the tunnelling tools available in Kali. Cryptcat writes data across network connections using UDP or TCP protocols. Cryptcat is the next generation of Netcat and encrypts all of the data with Twofish encryption, using a symetric key during the transmission.

Two-fish is accredited to Bruce Schneier and uses block ciphering. Block Ciphering is a method of encrypting plain text where a cryptographic key (one fish) and an algorithm (two fish) are applied to a block of data. Twofish uses a single key of any length up to 256 bits.

Online research however revealed that Cryptcat also uses a password as a salt to encrypt the data during the connection. A salt refers to the random data (password) that is used as additional input in this one way function. When a password is not specified, Cryptcat defaults to the hard coded password of metallica.

Step 1:

Firstly, we need to install cryptcat on the server using $sudo apt-get install cryptcat. Cryptcat is then set to listen on port 8080 for incoming UDP and TCP connections.

Step 2:

The client who is running a Linux operating system (Kali) already has Cryptcat pre installed. The user can now connect to the server via Cryptcat using the command cryptcat 192.168.1.50 8080 for a local connection with shell access and control over the command line.

A Wireshark capture of this data transmission shows that the message has been encrypted this time using Two-fish encryption.

Step 3:

A remote client can now also connect to our server using cryptcat, our domain name and our forwarding port of 8080. It is however still using the default password of metallica.

This is easily remedied by the user acting as a server, in this case adding the -k command and their own secret key (salt), which will last for the duration of the connection. The password which we used is “test”.

$199 ENROLLS YOU INTO THE CONTAINERS FOR DEVELOPERS AND QUALITY ASSURANCE COURSE (LFS254)!

The user acting as the client simply uses the same -k command and password of test to establish the encrypted connection.

Proxychains

Proxychains is a tool that was built for Linux and other Unices (plural of UNIX) distributions. It allows us to use a DNS or TCP tunnel through a proxy, or a proxy chain, allowing us to run any service like SSH, TELNET, WGET, FTP and Nmap through the proxy for access to the internet from behind a restrictive firewall. Proxychains also gives us the capability to hide our IP.

Step 1:

Install Proxychains via the APT repository using apt-get install proxychains. The client again a Kali (Virtual Machine ) comes with Proxychains pre-installed.

Our first step is to install Tor on the client and start it running as a service. Tor, now in its second-generation onion routing, is a system that enables it’s users to communicate anonymously on the Internet.

Step 2:

We must now navigate to the Proxychains config file using the command nano /etc/proxychains.conf . Dynamic chains are used rather than strict chains, as strict chains drop the connection if a proxy times out. Socks 5 is also added to the proxy list so that it can be used if available. Both SOCKS ports are configured to use Tor’s default port of 9050.

Step 3:

Proxychains is now run with the application of choice, in this example Iceweasel is being opened to the web page of www.ipchicken.com to prove our external ip address has changed to a proxy server, instead of our assigned IP address provided to us by our internet service provider.

Another interesting website to visit is DNSleak. This website can be used to geolocate your location. However due to the fact that we are running Iceweasel through proxychains and Tor this will now be shown as the proxy server instead.

Madit Tunnelling Tool

It was decided by the group at this stage that we have enough tools researched to be able to implement it into our tunnelling tool. Firstly we need to install eclipse before we can get coding.

Installing Eclipse

Eclipse is an IDE(Integrated Development Environment) with a built in compiler that allows you to both build/compile and run Java code which we are using in our example. It also allows you to bundle your code into a .jar file creating a standalone program. Eclipse for Linux can be downloaded from http://www.eclipse.org/downloads .

After downloading eclipse you need to unzip the file using gunzip . Then we need to use the command tar -xvf . A tar file is a collection of files and folders stored as one file. The -x is used for extracting the file. The -v is verbose and -f is the file that you want to extract.

The Eclipse folder can now be moved it to your directory of choice and run from there by double clicking on the Eclipse executable which is simply called Eclipse.

The next step is to decide on where your workspace directory is to be located. This will be where all our Java code will be stored.

The first file we make is MaditGui.java which will be a class to build the initial GUI of our program. Different GUI concepts where discussed. The original idea was to give as many options to the user as possible and thus making the tool as versatile as possible. This was later decided against, as it was felt that it would defeat the purpose of trying to make a tool that is easy for the end user to operate.

After a number of different layouts/designs and many cups of coffee, we decided that a very simple layout with only username/ password and tool options would suffice. Options will be expected to only allow input for fields that are necessary for the given tool selection. This would minimise the amount of options for the user, but we concluded that a simple GUI interface was the best option to keep it as straight forward as possible for the user.

ENROLL TODAY IN THE DevOps Fundamentals: Implementing Continuous Delivery SELF PACED COURSE! $199

Illustration 73 is a concept of what we originally planned and illustration 74 shows the running GUI. This we felt was over complicated and we wanted to make the program as versatile as possible and not defeat the purpose of the tool.

The GUI that we finally decided to go for will contain a logo relating to our project, followed by a drop-down combo-box with options of the tools that we have implemented in our code.

The username option is required for some tools like dns2tcp and Iodine in order to set up an SSH connection through DNS to the server, but the password is blanked out. The user is then asked to enter their SSH login password for the server, creating an SSH encrypted link over DNS.

The following code will give us a finished runnable program that should look like this:

MPT

Other tools like Cryptcat will require a password which we will be hardcoded and the username blanked out so as to make it easier for the user. The only conditions for tools like nc and crypcat is that we have server access to set these services listening. This is the first draft of the program and may change in the future, such as, extra features where necessary.

Clone from here: https://github.com/Dguiny/Multi-ProtocolTunnel/tree/master or copy from below.

The code for the initial GUI is:

MadItGui.java

import java.awt.*;
import java.awt.event.*;

import javax.swing.*;

public class MadItGui extends JFrame implements ActionListener{
	
	
	/**
	 *
	 */
	private static final long serialVersionUID = 1L;
	
	boolean listening = false;//Shows if a listening port is open NB NOT currently in use
	String toolSelect = "";

/**
 * Declaration of all the JPannels that are being used.
 * The center panel is set to Borderlayout and the panels
 * cpnPanel (Center Panel North) and cpcPanel (Center Panel Center)
 * are added.
 */
	JPanel northPanel,centerPanel,infoPanel,cpnPanel,cpcPanel;
/************ JLabels ***********/

	JLabel mainLogo;	
	JLabel lblusername;
	JLabel lblpassword;
//	JLabel status;// This will probably be implemented at a later date. Running/Not Running

/************* JTextFields ********/
	
	static JTextField tfusername;
	static JPasswordField pfpassword;

/************* JButtons **********/
	
	JButton launch;
	JButton instructions;
//	JButton login; //Depreciated button replaced with "Launch" Button

/**************** misc **************/

	ImageIcon MadItLogo;
	JComboBox toolSelection;
	
/************************************/
	public MadItGui(){
		setTitle("MadIT - Tunnelling Tool");
		setSize(325, 390);
		setLocation(350, 150);
		setVisible(true);
/************ Creating Instances of all Objects ********************/

		northPanel = new JPanel();
		centerPanel = new JPanel(new BorderLayout());
			cpnPanel = new JPanel();
			cpcPanel = new JPanel();
		infoPanel = new JPanel();

/*******************************************************************/
		
		MadItLogo = new ImageIcon(getClass().getResource("images/mptLogo.png"));
		
		//MadItLogo = new ImageIcon("images/mptLogo.png");
		
		mainLogo = new JLabel();
			mainLogo.setIcon(MadItLogo);

/*******************************************************************/

		String[] tools = {"- Select Tool -","netcat","cryptcat","dns2tcp","iodine",};
		
		toolSelection = new JComboBox(tools);
			toolSelection.addActionListener(this);

/*******************************************************************/
			
		lblusername = new JLabel("Username");
		lblpassword = new JLabel("Password ");
		
		tfusername = new JTextField(16);
			tfusername.setEditable(false);
			tfusername.setText("");
		pfpassword = new JPasswordField(16);
			pfpassword.setEditable(false);
			pfpassword.setText("");

/*******************************************************************/
//		May be implemented at a later date
			
//		status = new JLabel("Not Listening");
//		//status.setForeground(Color.red);
//		status.setBackground(Color.red);
//		status.setOpaque(true);

		launch = new JButton("Launch");
		launch.setEnabled(false);
		launch.addActionListener(this);
		
		instructions = new JButton("Instructions");
		instructions.setEnabled(false);
		instructions.addActionListener(this);

/***************** Adding Objects to Appropriate Panels ******************************/
		
		northPanel.add(mainLogo);
		
		cpnPanel.add(toolSelection);
		
		cpcPanel.add(lblusername);
		cpcPanel.add(tfusername);
		cpcPanel.add(lblpassword);
		cpcPanel.add(pfpassword);
		
		cpcPanel.add(launch);
//		cpcPanel.add(login);
		infoPanel.add(instructions);

/*********************************************************/
		
		centerPanel.add(cpnPanel,BorderLayout.NORTH);
		centerPanel.add(cpcPanel,BorderLayout.CENTER);

/*********************************************************/		
		/** Add Panels to JFrame **/
		
		add(northPanel, BorderLayout.NORTH);
		add(centerPanel, BorderLayout.CENTER);
		add(infoPanel, BorderLayout.SOUTH);
	}
	/**
	 *
	 */
	@SuppressWarnings("deprecation")
	public void actionPerformed(ActionEvent e) {
	
	/** This Makes sure that the 'toolSelect' String value, will always
	 *  be assigned the value of the tool that is currently selected in
	 *  the combo-box.
	 *  
	 *  The if statement, stops it from trying to update if the launch
	 *  button is pressed and therefore, no update is needed. Also with-
	 *  out it, it ran into some errors.
	 */
		
		if(e.getSource() != launch && e.getSource() != instructions){
			JComboBox cb = (JComboBox) e.getSource();
			toolSelect = (String)cb.getSelectedItem();	
		}
	/** The Following block of if/else if statements, dictate what happens
	 *  as you change what tool is selected. For example, if you haven't
	 *  selected a tool, then the launch button is disable and so are the
	 *  username and password fields
	 */
		if(toolSelect.equals("- Select Tool -")){
			tfusername.setText("");
			tfusername.setEditable(false);
			pfpassword.setText("");
			pfpassword.setEditable(false);
			launch.setEnabled(false);
			instructions.setEnabled(false);
		}
		else if(toolSelect.equals("dns2tcp")){
			tfusername.setEditable(true);
			pfpassword.setText("");
			pfpassword.setEditable(false);
			launch.setEnabled(true);
			instructions.setEnabled(true);
		}
		else if(toolSelect.equals("iodine")){
			tfusername.setEditable(true);
			pfpassword.setText("");
			pfpassword.setEditable(false);
			launch.setEnabled(true);
			instructions.setEnabled(true);
		}
		else if(toolSelect.equals("netcat")){
			tfusername.setText("");
			tfusername.setEditable(false);
			pfpassword.setText("");
			pfpassword.setEditable(false);
			launch.setEnabled(true);
			instructions.setEnabled(true);
		}
		else if(toolSelect.equals("cryptcat")){
			tfusername.setText("");
			tfusername.setEditable(false);
			pfpassword.setEditable(true);
			launch.setEnabled(true);
			instructions.setEnabled(true);
		}
/***************************************************************/
		
	/**
	 *  These if/else statements will call the appropriate function(s)
	 *  based on what tool is selected.
	 * 	
	 */
		if(e.getSource() == launch){
			if(toolSelect.equals("- Select Tool -")){
				JOptionPane.showMessageDialog(this, "You Must Select A Tool To Use!");
			}
			else if(toolSelect.equals("dns2tcp")){
				
				boolean valid = checkInput();//Boolean to check if all appropriate fields have been filled
				
				if(!valid){
					JOptionPane.showMessageDialog(this,
					        "You must enter a user name.",
					        "Error",
					        JOptionPane.ERROR_MESSAGE);
				}
				else{
					Run.dns2tcpOpenListeningPort();
					try {
					    Thread.sleep(1000);
					} catch(InterruptedException ex) {
					    Thread.currentThread().interrupt();
					}
					Run.dns2tcpSSHLogin(tfusername.getText());
				}
			}
			else if(toolSelect.equals("iodine")){
				boolean valid = checkInput();
				
				if(!valid){
					JOptionPane.showMessageDialog(this,
					        "You must enter a user name.",
					        "Error",
					        JOptionPane.ERROR_MESSAGE);
				}
				else{
					Run.iodineOpenListeningPort();
					try {
					    Thread.sleep(5000);
					} catch(InterruptedException ex) {
					    Thread.currentThread().interrupt();
					}
					Run.iodineSSHLogin(tfusername.getText());
				}
			}
			else if(toolSelect.equals("netcat")){
				Run.netcatOpenListeningPort();
			}
			else if(toolSelect.equals("cryptcat")){
				boolean valid = checkInput();
				
				if(!valid){
					JOptionPane.showMessageDialog(this,
					        "You must enter a password.",
					        "Error",
					        JOptionPane.ERROR_MESSAGE);
				}
				else if(valid){
					Run.cryptcatOpenListeningPort(pfpassword.getText());
				}
			}
/********************************************************************************/
		}	
		else if(e.getSource() == instructions){

				if(toolSelect.equals("dns2tcp")){
					Instructions.getDns2tcpInstructions();
				}
				else if(toolSelect.equals("iodine")){
					Instructions.getIodineInstructions();				
				}
				else if(toolSelect.equals("netcat")){
					Instructions.getNetcatInstructions();				
				}
				else if(toolSelect.equals("cryptcat")){
					Instructions.getCryptcatInstructions();				
				}
		}
	}
	@SuppressWarnings("deprecation")
	public static boolean checkInput(){
		
		if(tfusername.isEditable() && pfpassword.isEditable() && (tfusername.getText().equals("") || pfpassword.getText().equals(""))){	
			return false;
		}
		else if(tfusername.isEditable() && tfusername.getText().equals("")){
			return false;
		}
		else if(pfpassword.isEditable() && pfpassword.getText().equals("")){
			return false;
		}
		else{
			System.out.println(pfpassword.getText());
			return true;
		}
		
	}
}

This section of code is where the scripts we are using are called from and takes user input such as username or password and concatenates it to a string variable that can be used  to run the script.
Run.java

import java.io.IOException;


public class Run {
	/**
	 *
	 * @param uname
	 */
	public static void dns2tcpSSHLogin(String uname){
		
		String username = uname;
		// The sshLoginScript, builds the script that needs to be run, before running it.
		// This way is can be easily tested/edited, without having to run it first.
		
		String sshLoginScript = "xterm -e ssh "+username+"@localhost -p 8888 -D 8080";
	
//		System.out.println(sshLoginScript); //This was used for testing purposes to see what the output was.
		try {
			Runtime.getRuntime().exec(sshLoginScript);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
	/**
	 * All the rest of these functions are done in mostly the same manner
	 */
	public static void dns2tcpOpenListeningPort(){

		String domain = "89.100.101.14";
		String domainScript = "dns2tcpc -z "+domain+" -l 8888 -r ssh "+domain;

//		System.out.println(domainScript);
		
		try {
			Runtime.getRuntime().exec(domainScript);			
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
	/**
	 *
	 */
	public static void iodineOpenListeningPort(){
		
		String domain = "madit.ie";
		String subDomain = "tunnel1";
		String domainScript = "iodine -f "+domain+" "+subDomain+"."+domain;

//		System.out.println(domainScript);
		
/*		try {
			Runtime.getRuntime().exec(domainScript);			
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/
	}
	/**
	 *
	 * @param uname
	 */
	public static void iodineSSHLogin(String uname){
		
		String username = uname;
		String domain = "192.168.99.1";
		String port = "8080";
		
		String sshLoginScript = "xterm -e ssh -D "+port+" "+username+"@"+domain;
	
		System.out.println(sshLoginScript);
/*		try {
			Runtime.getRuntime().exec(sshLoginScript);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/	}
	/**
	 *
	 */
	public static void netcatOpenListeningPort(){
		
		String domain = "madit.ie";
		String domainScript = "nc "+domain+" -D 8080";

		System.out.println(domainScript);
		
/*		try {
			Runtime.getRuntime().exec(domainScript);			
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/
	}
	/**
	 *
	 * @param uname
	 */
	public static void netcatSSHLogin(String uname){
		
		String username = uname;
		
		String sshLoginScript = "xterm -e ssh "+username+"@madit.ie -D 8080";
	
		System.out.println(sshLoginScript);
/*		try {
			Runtime.getRuntime().exec(sshLoginScript);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/	}
	/**
	 *
	 * @param psw
	 */
	public static void cryptcatOpenListeningPort(String psw){
		
		String domain = "madit.ie";
		String password = psw;
		String port = "8080";
		
		String domainScript = "xterm -e cryptcat "+domain+" "+port;

		System.out.println(domainScript);
		
/*		try {
			Runtime.getRuntime().exec(domainScript);			
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/
	}
	/**
	 *
	 * @param uname
	 */
	public static void cryptcatSSHLogin(String uname){
	/*	
		String username = uname;
		
		String sshLoginScript = "INSERT cryptcat SSHLoginScript HERE";
	
		System.out.println(sshLoginScript);
/*		try {
			Runtime.getRuntime().exec(sshLoginScript);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/	}
	/**
	 *
	 */
	public static void ptunnelOpenListeningPort(){
		
		String domain = "madit.ie";
		String port = "8000";
		String domainScript = "ptunnel -p "+domain+" -lp "+port+" -da "+domain+" -dp 22";

		System.out.println(domainScript);
		
/*		try {
			Runtime.getRuntime().exec(domainScript);			
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/
	}
	/**
	 *
	 * @param uname
	 */
	public static void ptunnelSSHLogin(String uname){
		
		String username = uname;
		
		String sshLoginScript = "INSERT ptunnel SSHLoginScript HERE";
	
		System.out.println(sshLoginScript);
/*		try {
			Runtime.getRuntime().exec(sshLoginScript);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
*/	}
}

The instructions class calls the function to display the step by step instructions based on the tool chosen.
Instructions.java

import javax.swing.JFrame;
import javax.swing.JOptionPane;

public class Instructions extends JFrame{
	
	/**
	 *
	 */
	private static final long serialVersionUID = 1777211193730988500L;
	
	public Instructions(){
		
	}
	public static void getDns2tcpInstructions(){
		JOptionPane.showMessageDialog(null,
		        "1) Input the login name for the proxy server\n"
				+ "2) Click the 'Launch' button\n"
				+ "3) Wait for the SSH prompt for the password\n"
				+ "4) Input password\n"
				+ "5) Open Firefox and navigate to 'Edit', 'Preferences', 'Network','Settings'\n"
				+ "6) Set the SOCKS Host to 'localhost' port '8080'",
		        "Running dns2tcp",
		        JOptionPane.INFORMATION_MESSAGE);
		
		//System.out.println("dns2tcp");
	}
	public static void getIodineInstructions(){
		
		JOptionPane.showMessageDialog(null,
		        "1) Input the login name for the proxy server\n"
				+ "2) Click the 'Launch' button\n"
				+ "3) Wait for the SSH prompt for the password\n"
				+ "4) Input password\n"
				+ "5) Open Firefox and navigate to 'Edit', 'Preferences', 'Network','Settings'\n"
				+ "6) Set the SOCKS Host to 'localhost' port '8080'",
		        "Running iodine",
		        JOptionPane.INFORMATION_MESSAGE);
		
		//System.out.println("iodine");
	}
	public static void getNetcatInstructions(){
		JOptionPane.showMessageDialog(null,
		        "Click 'Launch' and you are good to go.",
		        "Running netcat",
		        JOptionPane.INFORMATION_MESSAGE);
		
		//System.out.println("netcat");
	}
	public static void getCryptcatInstructions(){
		JOptionPane.showMessageDialog(null,
		        "1) Input the cryptcat psk\n"
				+ "2) Click the 'Launch' button\n"
				+ "3) You are good to go!",
		        "Running cryptcat",
		        JOptionPane.INFORMATION_MESSAGE);
		//System.out.println("cryptcat");
	}
}






This section of code contains the main method and is used to simply launch the program.
MadItLaunchApplication.java
import javax.swing.JFrame;

/**
 * This class simply launches the program by creating
 * an instance of the GUI and validates it. Also it
 * makes sure that when the GUI window of the application
 * is closed, that the application is actually closed by
 * setting the Default Close Operation to EXIT_ON_CLOSE
 *
 * @author mwalsh, aryan, dguinney
 *
 */

public class MadItLaunchApplication {
	
	public static void main(String[]args){
		MadItGui MadIt = new MadItGui();
		MadIt.validate();
		MadIt.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
	}
}

Testing Our Tunnelling Tool Against Real World Captive Portals

During our research, one of our team members acquired an O2 pre-pay dongle. Out of curiosity we attempted to test our tool against it, to achieve internet access. Once we plug the dongle in, via usb, it installs it’s own software and automatically sends a user to O2’s home page (We are getting out to O2’s HTTP page, but why can’t we go any further?).

Step1:

Next, we attempted to log in to the O2 account of the dongle owner, but we don’t have the credentials. A way around this, we thought, would be to see if we could send a text message from the O2 dongle to one of the group members phones, revealing the number related to the O2 dongle.

To our surprise, this worked. We received a text message from the number associated with the Dongle, which was 086*******.

Step 2:

Next, we tried to log in again with the number we received, but we told O2 we had forgotten our password. This allowed us to reset our O2 password. After entering a captcha code we received a text message directly to the dongle with the code to reset the password.

Step 3:

We entered this code into the next window we were presented with.

4:

The final step was to reset the password, this was done by simply entering the password twice. In our case we used the password Test1234.

O2 then told us that our password had been successfully changed.

Now when we log in with the same number and our new password we gain access to the users account, which is Damien, none of our team members are named Damien.

We explored the account a little and were given some personal information on the dongle’s owner. We did not alter the account in any way.

When we clicked on the Top-Up Phone option, it gave us the option to top-up by as much as €50. Although the users credit card details are blocked out we could still use the details to top up the account.

ENROLL IN THE LINUX FOUNDATION LFC210 – FUNDAMENTALS OF PROFESSIONAL OPEN SOURCE MANAGEMENT TODAY! $179

Although not extremely relevant to this particular project, we thought that this would be valuable information to anyone with an O2 dongle. The remedy to this would be to simply use a PIN number on the sim card. Something O2 may have overlooked.

We then tried Iodine tunnelling on our 02 dongle. We simply ran Iodine again. $iodine -f madit.ie tunnel1.madit.ie on the client.

While making this attempt we listened in on the wireless interface using Wireshark.

We can see from this packet capture that the O2 dongle has resolved the domain name madit.ie to our server at **.**.**.**, but doesn’t appear to let us go any further.

Conclusions

There are many open source applications out there that offer tunnelling tools, so we simply used some of those existing tools and built a program around them so as to have them bundled in one nice package. We did however notice, during the research phase, a lack of information on implementing tunnels in general. We seemed to find little information from multiple sources and pieced them together as appropriate in relation to creating a working tool.

One thing we did find out was that Kali was the go to tool when it came to built-in tunneling tools. After this, it was a case case of trial and error on our part in which we tested all the available tools. Some of which we managed to get working but alas some of which we did not.The tools we found that were the most reliable and easiest to implement made the final cut for our program.

We decided to make the tool as user friendly as possible so that a person lacking technical skills could operate it. Our end goal was for a user to be able to simply click-and-go with very little additional information required. While we did manage to achieve a lot of our goals, we found that our tool could be easially expanded upon and may very well be done in the future.

When it came to the coding we found it quite refreshing as group members had not coded in some time. While the coding is working fine as is, there is always room for improvement, as getting the code to work was the main goal and it was only when we read back over the code, we noticed what futher issues there were to address and what further functionality could be added. One issue was that there were a lot of if/else statements used instead of, maybe, a switch statement. This was overlooked as our main goal was an operational program that does what it says on the tin.

We all agreed that this project would be a great tool for those who want to or need internet access in places where internet access is available, but a captive portal is being implemented blocking internet access. We found our tool worked best in areas such as Hotels, Librarys etc. This is due to the fact that these companies are not IT related and may not be security conscious.

Sources

Web

Hellbound Hackers (February 19 2007) Cryptcat: Advanced Usage [online] available from

< https://www.hellboundhackers.org/articles/read-article.php?article_id=634 > accessed on (March 26th 2014).

Common Exploits (17th May 2014)Icmp Shell Fun [online] available from <http://www.commonexploits.com/icmp-shell-fun/ > accessed on (24 Feb 2014)

Mohammad Thalif (December 14 2010) List of open source captive portal software and network access control(NAC) [online] available from < http://mohammadthalif.wordpress.com/2010/12/14/list-of-open-source-captive-portal-software-and-network-access-control-nac/ > accessed on (April 5th 2014)

Mewbies(18th Aug 09) How to use a proxy [online] available from < http://mewbies.com/how_to_use_a_proxy_socks5.htm > accessed on (18th April 2014)

Magic Tunnel (2010) Download [online] available from < http://www.magictunnel.net/install.php > accessed on (April 8th 2014)

WiFiDog Captive Portal (1 June 2013) Wifi Dog [online] available from < http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal > accessed on (April 20th 2014)

Richard Osgood (08 Oct 2012)Tunneling TCP over DNS [online] available from < http://www.richardosgood.com/blog/2012/10/05/tunneling-tcp-over-dns/ > accessed on the (22th April 2014)

Hal Berghel(April, 2007) Hiding Data, Forensics and Anti-Forensics [online] available from

< http://www.berghel.net/col-edit/digital_village/apr-07/dv_4-07.php > accessed on (28th April 2014)

Bmap(27th December 2010) Hiding Data: Slack Space on Linux [online] available from

< http://realinfosec.com/?p=470 > accessed on (1st May 2014)

Register365(2014) What are the Register365 DNS / Nameservers?[online] available from < http://www.register365.com/knowledge/domains/dns/585/ > accessed on (19th April 2014)

Fak3r (13th Aug 2013)HOWTO connect to SSH via SSL with sslh [online] available from < https://fak3r.com/2013/08/13/howto-connect-to-ssh-via-ssl-with-sslh/ > accessed on (3rd May 2014)

Real Hackers Point(4th Feb 2013) Hacking ISP For Unlimited Internet [online] available from

< http://realhackerspoint.blogspot.ie/2013/02/hacking-isp-for-unlimited-internet.html > accessed on (5th May 2014)

Kryo(6th Febuary 2010)Iodine [online] available from < http://code.kryo.se/iodine/ > accessed on (17th April 2014)

Debian Admin(Jan 16 2008) Access Network When Everything Else is Blocked Using ptunnel

[online] available from < http://www.debianadmin.com/access-network-when-everything-else-is-blocked-using-ptunnel.html > accessed on the (14th April 2014)

Ethereal Mind(6th June 2008)Fast Itroduction to SOCKS ports [online] available from <

http://etherealmind.com/fast-introduction-to-socks-proxy/ > accessed on (9th May 2014)

Videos

DNS tunnelling (May 31, 2012) DemmSec – Beginner Hacking Episode 8 [online] available from

< http://www.youtube.com/watch?v=duU0xpc51Us > accessed on (March 28th 2014)

Kronicdify (Oct 13, 2012)TCP over DNS [online] available from < http://www.youtube.com/watch?v=RzrInQjBhYc > accessed on (28th March 2014)

Cgermany77(27th November 2010) Setting up DNS Server in Ubuntu [online] available from < http://www.youtube.com/watch?v=OUv03JV5SLc >accessed on (15th April 2014)

SSH Network (Mar 1, 2012)Windows Linux SSH proxy tunnel [online] available from

< https://www.youtube.com/watch?v=VkXUVie4MZ0 > accessed on (8th May 2014)

Code on Github: https://github.com/Dguiny/Multi-ProtocolTunnel

By:

Maurice Walsh

QuBits

Adam Ryan

2019-05-29

LFD432

 

1 Comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.