Skip to content

Instantly share code, notes, and snippets.

@wkrp
Last active July 13, 2023 08:30
Show Gist options
  • Save wkrp/0712b87ab095dd0f77c56b02646060b7 to your computer and use it in GitHub Desktop.
Save wkrp/0712b87ab095dd0f77c56b02646060b7 to your computer and use it in GitHub Desktop.
Proof-of-concept Shadowsocks plugin for dnstt (DNS tunnel)
#!/bin/bash
# ss-local -s 0.0.0.1 -p 1 -l 1080 -k password --plugin dnstt-client-plugin --plugin-opts 'doh=https://doh.example/dns-query;domain=<domain>;pubkey=<pubkey>'
DNSTT_CLIENT="./dnstt-client"
unset TRANSPORT RESOLVER PUBKEY DOMAIN
IFS=";" read -a OPTIONS <<<"$SS_PLUGIN_OPTIONS"
for opt in "${OPTIONS[@]}"; do
IFS="=" read key value <<<"$opt"
case "$key" in
doh ) TRANSPORT=-doh; RESOLVER="$value";;
dot ) TRANSPORT=-dot; RESOLVER="$value";;
udp ) TRANSPORT=-udp; RESOLVER="$value";;
pubkey ) PUBKEY="$value";;
domain ) DOMAIN="$value";;
esac
done
TRANSPORT="${TRANSPORT:?need doh=, dot=, or udp=}"
RESOLVER="${RESOLVER:?need doh=, dot=, or udp=}"
PUBKEY="${PUBKEY:?need pubkey=}"
DOMAIN="${DOMAIN:?need domain=}"
SS_LOCAL_HOST="${SS_LOCAL_HOST:?}"
SS_LOCAL_PORT="${SS_LOCAL_PORT:?}"
exec "$DNSTT_CLIENT" "$TRANSPORT" "$RESOLVER" -pubkey "$PUBKEY" "$DOMAIN" "$SS_LOCAL_HOST:$SS_LOCAL_PORT"
#!/bin/bash
# ss-server -p 53 -k <password> --plugin dnstt-server-plugin --plugin-opts 'domain=<domain>;privkey=<privkey>'
DNSTT_SERVER="./dnstt-server"
unset PRIVKEY DOMAIN MTU
IFS=";" read -a OPTIONS <<<"$SS_PLUGIN_OPTIONS"
for opt in "${OPTIONS[@]}"; do
IFS="=" read key value <<<"$opt"
case "$key" in
privkey ) PRIVKEY="$value";;
domain ) DOMAIN="$value";;
mtu ) MTU="$value";;
esac
done
PRIVKEY="${PRIVKEY:?need privkey=}"
DOMAIN="${DOMAIN:?need domain=}"
SS_LOCAL_HOST="${SS_LOCAL_HOST:?}"
SS_LOCAL_PORT="${SS_LOCAL_PORT:?}"
SS_REMOTE_HOST="${SS_REMOTE_HOST:?}"
SS_REMOTE_PORT="${SS_REMOTE_PORT:?}"
exec "$DNSTT_SERVER" -udp "$SS_REMOTE_HOST:$SS_REMOTE_PORT" -privkey "$PRIVKEY" ${MTU:+-mtu "$MTU"} "$DOMAIN" "$SS_LOCAL_HOST:$SS_LOCAL_PORT"
@wkrp
Copy link
Author

wkrp commented May 7, 2020

Proof-of-concept Shadowsocks plugin for dnstt (DNS tunnel). The Bash scripts interpret $SS_* environment variables and run dnstt-client/dnstt-server as required. I was able to use these scripts with shadowsocks-libev 3.3.4. Example:

server$ ./dnstt-server -gen-key
privkey 929c639fb6bc6156542bef47d374bb7c233bc29c293db65a8f631553483053f5
pubkey  9fda8f686500a57ff8e2f77ec1194f0f6e33289c42bb9b4af08fb15c99c64347
server$ ss-server -v -p 53 -k password --plugin dnstt-server-plugin --plugin-opts 'domain=t.example.com;privkey=929c639fb6bc6156542bef47d374bb7c233bc29c293db65a8f631553483053f5'
client$ ss-local -v -s 0.0.0.1 -p 1 -l 1080 -k password --plugin dnstt-client-plugin --plugin-opts 'doh=https://doh.example/dns-query;domain=t.example.com;pubkey=9fda8f686500a57ff8e2f77ec1194f0f6e33289c42bb9b4af08fb15c99c64347'
client$ curl --proxy socks5://127.0.0.1:1080/ https://shadowsocks.org/en/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment