#25874: DNS-based rendezvous for Snowflake
 Reporter:  dcf                    |          Owner:  (none)
     Type:  project                |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:

Comment (by dcf):

 For testing purposes, I set up snowflake-broker.bamsoftware.com to be the
 authoritative nameserver for the subdomain test.bamsoftware.com. (I think;
 I'm not too good at this DNS stuff.) There is no responder running there
 yet, but you can use tcpdump on the broker to watch requests arrive:
 tcpdump -n -X port 53

 Then, from somewhere else, try a normal DNS query. In the tcpdump you
 should see requests arrive from your ISP's recursive nameserver.
 dig message${RANDOM}.test.bamsoftware.com

 Here is sample Python 2 code for doing requests over the DNS-over-
 HTTPS server.
 #!/usr/bin/env python

 from scapy.all import *
 import base64
 import requests

 NAME = "whatever.test.bamsoftware.com"

 # https://developers.cloudflare.com/
 # POST: the wire-format query is sent as the request body.
 print("POST application/dns-udpwireformat")
 udpwireformat = str(DNS(rd=True, qd=DNSQR(qtype="A", qname=NAME)))
 r = requests.post("",
     headers = {
         "Accept": "application/dns-udpwireformat",
         "Content-Type": "application/dns-udpwireformat",
     },
     data = udpwireformat,
 )

 # https://developers.cloudflare.com/
 # GET: the same wire-format query, base64url-encoded in the "dns" parameter.
 print("GET application/dns-udpwireformat")
 udpwireformat = str(DNS(rd=True, qd=DNSQR(qtype="A", qname=NAME)))
 r = requests.get("",
     params = {
         "dns": base64.urlsafe_b64encode(udpwireformat),
         "ct": "application/dns-udpwireformat",
     },
 )

 # https://developers.cloudflare.com/
 # GET: JSON API, with the name and type passed as plain parameters.
 print("GET application/dns-json")
 r = requests.get("",
     params = {
         "name": NAME,
         "type": "A",
         "ct": "application/dns-json",
     },
 )
 print r.text

 If you run this, you will see requests arrive at the broker and responses
 come back with `rcode=server-failure`, which is expected because there's
 nothing running at snowflake-broker.bamsoftware.com:53 yet.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25874#comment:1>
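
The following is an added example, not part of dcf's comment or of the Snowflake code: a Python 3, standard-library-only sketch of the bytes that `DNS(rd=True, qd=DNSQR(...))` puts on the wire, the base64url form used for the `dns` GET parameter, and how to read `rcode=server-failure` out of a response header. The function names are assumptions, and the SERVFAIL response is constructed locally rather than captured from the broker.

```python
import base64
import struct

RCODES = {0: "ok", 1: "format-error", 2: "server-failure",
          3: "name-error", 4: "not-implemented", 5: "refused"}

def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query (RD set, class IN) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    if len(qname) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_param(wire):
    """base64url with padding stripped, as the 'dns' GET parameter value."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")

def parse_header(wire):
    """Decode the fixed 12-byte DNS header of a query or response."""
    if len(wire) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    return {"id": txid,
            "is_response": bool(flags & 0x8000),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "answers": an}

def constructed_servfail(query):
    """Constructed sample: the query echoed back with QR, RA and rcode=2."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | 0x8000 | 0x0080 | 2) + query[4:]

if __name__ == "__main__":
    q = build_query("whatever.test.bamsoftware.com")
    print(doh_get_param(q))
    print(parse_header(constructed_servfail(q)))
```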