Heyoka: A Stealth DNS Tunneling Tool!

February 20, 2010 13:02 pm · 1 comment

by Black

in Anonymity, Open Source, Penetration Testing, Security Reconnaissance

Thank you, developers, for making it possible to schedule posts! I was away on a holiday for almost 10 days, when I got to use this tool – Heyoka. That is the reason for today’s post. God bless them tool writers!

So, I was at a hotel which advertised WiFi access with hotel reservations. Reading that, I did not carry my data card. It so turned out that I had to pay for my internet access during my stay there! I thought to myself that before I part with my sweat-earned money, I should try something. I started my trusted Wireshark, let DHCP do its work and requested Google. To my surprise, I saw that before presenting me with an authentication screen, it allowed DNS traffic! I had my personal Windows laptop with me, which normally does not have a lot of “stuff”! Windows unfortunately does not offer as much help as Linux (think iodine) will in these situations. I smiled to myself as I was looking at my documents folder and remembered Heyoka and, as always, the rest is history! Probably they never checked the total size of my DNS requests.

Back to Heyoka now. Heyoka is a DNS tunneling tool aiming for both performance and stealth. It is open source and released under the GPL! It was written by the author of SQLNinja and was presented at last year's Shakacon.

Heyoka allows you to communicate with an external host even if the firewall in between does not want you to, and your communication channel stays hidden from most firewalls/IDS/IPS! It is also faster than existing tools, as it uses a different encoding for packets. Additionally, Heyoka can spread traffic across multiple name servers and spoof the source addresses of other hosts within the network. This way, the traffic signature gets spread across the whole internal network, making the tunnel endpoint significantly harder to spot! For each new request it spoofs the source address, using a different IP address belonging to the same network. This effectively spreads the tunnel signature among all hosts, making the data transfer a little harder to detect.
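Seen from the monitoring side, the source-address spreading described above defeats a per-host query counter but not a count keyed on the queried domain. The following is an added example, not part of the original post or of Heyoka; the log format, the thresholds and the two-label parent-domain shortcut are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def parent_domain(qname, labels=2):
    # Assumption: last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def per_source_flags(log, max_queries=20):
    """Naive check: sources whose own query count exceeds a threshold."""
    counts = defaultdict(int)
    for src, _ in log:
        counts[src] += 1
    return sorted(ip for ip, n in counts.items() if n > max_queries)

def flag_domains(log, min_unique=50, min_bytes=3000):
    """Aggregate across all sources, keyed by the queried parent domain."""
    stats = defaultdict(lambda: {"names": set(), "bytes": 0, "srcs": set()})
    for src, qname in log:
        s = stats[parent_domain(qname)]
        s["names"].add(qname.lower())
        s["bytes"] += len(qname)
        s["srcs"].add(src)
    return sorted(
        (dom, len(s["names"]), s["bytes"], len(s["srcs"]))
        for dom, s in stats.items()
        if len(s["names"]) >= min_unique and s["bytes"] >= min_bytes
    )

def build_sample_log():
    """Constructed records (src_ip, qname); not captured traffic."""
    log = []
    for i in range(120):  # 120 unique long names rotated over 30 source IPs
        label = f"{i:04x}" * 10
        log.append((f"10.0.0.{10 + i % 30}", f"{label}.t.example.net"))
    for i in range(30):   # ordinary lookups from the same 30 hosts
        for name in ("www.example.com", "mail.example.com", "cdn.example.org"):
            log.append((f"10.0.0.{10 + i}", name))
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("per-source flags:", per_source_flags(log))
    for row in flag_domains(log):
        print("domain=%s unique_names=%d name_bytes=%d sources=%d" % row)
```

On the constructed log no single source exceeds the per-host threshold, while the per-domain view reports one parent domain receiving many unique, long names from many sources.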

Heyoka offers another beauty – spoofing of MAC addresses! You can spoof the IP address and the MAC address as well! I just ARP scanned the network and found a few MAC addresses. Seems like the hotel staff has not heard of port level anti spoofing protection yet? Also, the author plans to include a “client”-“server” technology soon! So, expect many more Heyokas running in the wild and being used! This functionality is offered by a single Heyoka executable as of now. To add to all of this, Heyoka is open source and is Windows compatible only (as of now). The executable is less than 30-odd KB! Think of what debug.exe can do for you!

Download Heyoka version 0.1.3 here.


stacksmasher February 22, 2010 at 11:34 pm

Any word on a quick tutorial for this tool?
