### Start dnstt server for Tor bridge Source: https://repo.or.cz/dnstt This command starts the dnstt server on the tunnel server. It listens on UDP port 5300 and forwards traffic to the Tor bridge's ORPort (9001) on localhost. It requires a private key file and a domain name. ```bash tunnel-server$ ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:9001 ``` -------------------------------- ### Execute dnstt-server with custom MTU Source: https://repo.or.cz/dnstt Starts the dnstt-server with a specific MTU of 512 bytes, using a DoH resolver and a public key file. This configuration is used to ensure compatibility with restrictive DNS resolvers at the cost of reduced bandwidth. ```bash $ ./dnstt-server -mtu 512 -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Test Tunnel Connection with Ncat Source: https://repo.or.cz/dnstt.git A simple command to start a local listener on the tunnel server's destination port to verify traffic forwarding. ```bash ncat -l -k -v 127.0.0.1 8000 ``` -------------------------------- ### Setup SSH SOCKS Proxy (Client-Side) Source: https://repo.or.cz/dnstt.git Configures the dnstt server to forward traffic to the SSH port and then establishes an SSH SOCKS proxy on the client side. ```bash tunnel-server$ ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:22 tunnel-client$ ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:8000 tunnel-client$ ssh -N -D 127.0.0.1:7000 -o HostKeyAlias=tunnel-server -p 8000 127.0.0.1 tunnel-client$ curl --proxy socks5h://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### Run dnstt Client with DoT Source: https://repo.or.cz/dnstt.git Starts the dnstt client tunnel using a DNS-over-TLS (DoT) resolver. Requires the DoT resolver address and port, server public key, DNS zone root, and a local port for connections. ```bash tunnel-client$ ./dnstt-client -dot dot.example:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Start dnstt client for Tor bridge Source: https://repo.or.cz/dnstt This command initiates the dnstt client, connecting to the Tor bridge. It uses DNS-over-HTTPS (DoH) for the initial connection and forwards traffic to a local SOCKS port (7000). It requires the server's public key and the domain name. ```bash tunnel-client$ ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Configure Tor client with bridge line Source: https://repo.or.cz/dnstt This is an example of a bridge line configuration for Tor. It specifies the IP address and port of the bridge, followed by its fingerprint. This line should be added to the Tor configuration file (e.g., /etc/tor/torrc) or pasted into Tor Browser. ```torrc Bridge 127.0.0.1:7000 FINGERPRINT ``` -------------------------------- ### Setup Ncat HTTP Proxy with dnstt Server Source: https://repo.or.cz/dnstt.git Configures the dnstt server to forward traffic to an ncat HTTP proxy. This allows the tunnel to function as an HTTP proxy. ```bash tunnel-server$ ncat -l -k --proxy-type http 127.0.0.1 8000 tunnel-server$ ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 ``` -------------------------------- ### Setup SSH SOCKS Proxy with dnstt Server Source: https://repo.or.cz/dnstt.git Establishes an SSH SOCKS proxy on the server and configures the dnstt server to forward traffic to it. This enables SOCKS proxying through the tunnel. ```bash tunnel-server$ ssh -N -D 127.0.0.1:8000 -o NoHostAuthenticationForLocalhost=yes 127.0.0.1 # Enter the password of the local user on tunnel-server tunnel-server$ ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 ``` -------------------------------- ### Compile and Run dnstt Client Source: https://repo.or.cz/dnstt Instructions for building the dnstt-client from source and executing it using either DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) protocols. ```bash cd dnstt-client go build ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 ./dnstt-client -dot dot.example:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Compile and Configure dnstt Server Source: https://repo.or.cz/dnstt.git Instructions for building the dnstt server from source, generating cryptographic keys for authentication, and launching the server process to handle DNS tunneling. ```bash cd dnstt-server go build ./dnstt-server -gen-key -privkey-file server.key -pubkey-file server.pub ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 ``` -------------------------------- ### Key Generation and Usage Source: https://repo.or.cz/dnstt.git Command-line instructions for generating cryptographic key pairs and configuring the dnstt-server and dnstt-client using hexadecimal strings. ```bash $ ./dnstt-server -gen-key privkey 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef pubkey 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff $ ./dnstt-server -udp :5300 -privkey 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef t.example.com 127.0.0.1:8000 $ ./dnstt-client -dot dot.example:853 -pubkey 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Compile dnstt Client Source: https://repo.or.cz/dnstt.git Compiles the dnstt client application from source. This is a prerequisite before running the client. ```bash tunnel-client$ cd dnstt-client tunnel-client$ go build ``` -------------------------------- ### Ncat HTTP Proxy over dnstt Source: https://repo.or.cz/dnstt Configuring an Ncat HTTP proxy on the server side and connecting via the dnstt tunnel on the client side. ```bash # Server side ncat -l -k --proxy-type http 127.0.0.1 8000 ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 # Client side ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 curl --proxy http://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### SSH SOCKS Proxy over dnstt Source: https://repo.or.cz/dnstt Setting up a SOCKS proxy using OpenSSH through the dnstt tunnel, allowing for secure remote access. ```bash # Server side ssh -N -D 127.0.0.1:8000 -o NoHostAuthenticationForLocalhost=yes 127.0.0.1 ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 # Client side ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 curl --proxy socks5h://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### Configure dnstt as a Tor Pluggable Transport Source: https://repo.or.cz/dnstt.git Commands to initialize the dnstt server and client for Tor bridge tunneling, followed by the configuration line required for the Tor client. ```bash tunnel-server$ ./dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:9001 tunnel-client$ ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 Bridge 127.0.0.1:7000 FINGERPRINT ``` -------------------------------- ### Control dnstt client uTLS fingerprint distribution Source: https://repo.or.cz/dnstt These commands demonstrate how to control the TLS fingerprint used by the dnstt client for covertness. The `-utls` option allows specifying a weighted distribution of fingerprints (e.g., '3*Firefox,2*Chrome,1*iOS') or a single fingerprint (e.g., 'Firefox'). The 'random' option uses a randomized fingerprint, while 'none' disables uTLS. ```bash $ ./dnstt-client -utls '3*Firefox,2*Chrome,1*iOS' ... ``` ```bash $ ./dnstt-client -utls Firefox ... ``` ```bash $ ./dnstt-client -utls random ... ``` -------------------------------- ### Protocol Stack Architecture Source: https://repo.or.cz/dnstt.git Visual representation of the dnstt protocol layering, showing how application data is encapsulated through smux, Noise, and KCP before being transmitted via DNS messages. ```text application data smux Noise KCP DNS messages DoH / DoT / UDP DNS ``` -------------------------------- ### Connect to dnstt Tunnel Client Source: https://repo.or.cz/dnstt.git Connects to the local end of the dnstt tunnel using ncat. This allows interaction with the tunnel once it's established. ```bash tunnel-client$ ncat -v 127.0.0.1 7000 ``` -------------------------------- ### Configure Linux Port Redirection for DNS Source: https://repo.or.cz/dnstt.git Commands to redirect incoming UDP DNS traffic from port 53 to an unprivileged port (5300) using iptables and ip6tables for secure execution. ```bash sudo iptables -I INPUT -p udp --dport 5300 -j ACCEPT sudo iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5300 sudo ip6tables -I INPUT -p udp --dport 5300 -j ACCEPT sudo ip6tables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5300 ``` -------------------------------- ### Access SOCKS Proxy via dnstt Client Source: https://repo.or.cz/dnstt.git Configures the dnstt client and uses curl to access a remote resource through the established SOCKS proxy tunnel. ```bash tunnel-client$ ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 tunnel-client$ curl --proxy socks5h://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### Access HTTP Proxy via dnstt Client Source: https://repo.or.cz/dnstt.git Configures the dnstt client and uses curl to access a remote resource through the established HTTP proxy tunnel. ```bash tunnel-client$ ./dnstt-client -doh https://doh.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 tunnel-client$ curl --proxy http://127.0.0.1:7000/ https://wtfismyip.com/text ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.