[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 20 Apr 2018 21:44:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 20 Apr 2018 17:44:48 -0400
In-reply-to: <043.57ad9a77d6e1ff61200a3264931070ce@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.57ad9a77d6e1ff61200a3264931070ce@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25874: DNS-based rendezvous for Snowflake
-----------------------------------+------------------------
 Reporter:  dcf                    |          Owner:  (none)
     Type:  project                |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by dcf):

 For testing purposes, I set up snowflake-broker.bamsoftware.com to be the
 authoritative nameserver for the subdomain test.bamsoftware.com. (I think;
 I'm not too good at this DNS stuff.) There is no responder running there
 yet, but you can use tcpdump on the broker to watch requests arrive:
 {{{
 tcpdump -n -X port 53
 }}}

 Then, from somewhere else, try a normal DNS query. In the tcpdump you
 should see requests arrive from your ISP's recursive nameserver.
 {{{
 dig message${RANDOM}.test.bamsoftware.com
 }}}

 Here is sample Python 2 code for doing requests over the 1.1.1.1 DNS-over-
 HTTPS server.
 {{{
 #!/usr/bin/env python

 NAME = "whatever.test.bamsoftware.com"

 from scapy.all import *
 import base64
 import requests

 # https://developers.cloudflare.com/1.1.1.1/dns-over-https/wireformat
 /#using-post
 print("POST application/dns-udpwireformat")
 udpwireformat = str(DNS(rd=True, qd=DNSQR(qtype="A", qname=NAME)))
 r = requests.post("https://1.1.1.1/dns-query";,
     headers = {
         "Accept": "application/dns-udpwireformat",
         "Content-Type": "application/dns-udpwireformat",
     },
     data = udpwireformat,
 )
 DNS(r.content).show()

 # https://developers.cloudflare.com/1.1.1.1/dns-over-https/wireformat
 /#using-get
 print("POST application/dns-udpwireformat")
 udpwireformat = str(DNS(rd=True, qd=DNSQR(qtype="A", qname=NAME)))
 r = requests.get("https://1.1.1.1/dns-query";,
     params = {
         "dns": base64.urlsafe_b64encode(udpwireformat),
         "ct": "application/dns-udpwireformat",
     },
 )
 DNS(r.content).show()

 # https://developers.cloudflare.com/1.1.1.1/dns-over-https/json-format/
 print("GET application/dns-json")
 r = requests.get("https://1.1.1.1/dns-query";,
     params = {
         "name": NAME,
         "type": "A",
         "ct": "application/dns-json",
     },
 )
 print r.text
 }}}

 If you run this, you will see requests arrive at the broker and responses
 come back with `rcode=server-failure`, which is expected because there's
 nothing running at snowflake-broker.bamsoftware.com:53 yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25874#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #25785 [- Select a component]: Torsocks error. Symbol res_query, res_search, res_domain, res_querydomian not found.
Next by Author: Re: [tor-bugs] #25688 [Obfuscation/Snowflake]: proxy-go is still deadlocking occasionally
Previous by thread: [tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake
Next by thread: Re: [tor-bugs] #25874 [Obfuscation/Snowflake]: DNS-based rendezvous for Snowflake
Index(es):
- Author
- Thread