invizible is a file transfer program which allows copying of any files readable from any client machine to any remote machine using standard, unaltered DNS lookups/queries as its covert channel. A copy of the program must be run on both the originating (client) machine, and the destination (server) machine, with the server running/listening before the client starts the transfer. Raw sockets are used on the client, and the pcap library is used on the server so no listening ports and no tcp connections are required or used. The client needs to be able to send to a DNS server port 53. The server needs to be able to receive responses from a DNS server port 53. The in-progress file transfer is essentially undetectable from any point along the communications path. The source of the file transfer is also essentially undetectable.
This is a project based on the ideas presented in the covert_tcp.c program created by Craig H. Rowland in 1996 to allow arbitrary file transfers over covert channels by using the IP header identification field. Rather than using TCP, as Rowland did, invizible uses UDP packets bounced off any DNS server(s) for various lookup request/queries and maps these requests to an internal representation of the characters.
All bugs Latest bugs reported
Bug #775843: file written to disk on server is corrupt
Reported on 2011-05-02