I used something similar to this in the past to evade traffic manipulation on a controlled network. Iodine gives you a full tun/tap connection and encapsulates an IPv4 connection over DNS NULL requests and responses. I'm not sure it is stealthy as such; countless random requests to a single wildcard domain look a little suspicious. Even in the high-noise environment I was testing in, the blue team caught on after a few months.
I ran mosh and ssh over the top to secure the connection.
Just enough bandwidth for an 80x30 in real time.
https://code.kryo.se/iodine/
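
Added example, not part of the comment above: a sketch of the detection signal it describes, many distinct random-looking names under a single zone from one client. The log format (`timestamp client qtype qname`), the sample lines, the thresholds and the two-label zone rule are all assumptions made for this illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of s in bits per character (0 for an empty string)."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def zone_of(qname):
    # Assumption: the last two labels form the delegated zone (not public-suffix aware).
    return ".".join(qname.split(".")[-2:])

def flag_tunnel_candidates(lines, min_unique=20, min_ratio=0.9, min_entropy=3.5):
    """Return (client, zone, unique_names, null_share) for suspicious groups."""
    groups = defaultdict(lambda: {"total": 0, "null": 0, "names": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qtype, qname = parts
        qname = qname.rstrip(".").lower()
        g = groups[(client, zone_of(qname))]
        g["total"] += 1
        g["null"] += qtype.upper() == "NULL"
        g["names"].add(qname)
    flagged = []
    for (client, zone), g in sorted(groups.items()):
        # Strip the zone suffix so only the sender-chosen part of the name is scored.
        subs = [n[: -len(zone) - 1] for n in g["names"] if n != zone]
        if len(subs) < min_unique or len(subs) / g["total"] < min_ratio:
            continue  # few distinct names, or mostly repeats: normal resolver traffic
        if sum(entropy(s) for s in subs) / len(subs) < min_entropy:
            continue  # many names, but dictionary-like labels
        # Record type is reported, not required: the signal is the name pattern.
        flagged.append((client, zone, len(subs), g["null"] / g["total"]))
    return flagged

def sample_log():
    """Constructed log: one client tunnelling to t.example, one browsing normally."""
    lines = []
    for i in range(40):
        label = base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode().lower().rstrip("=")
        lines.append(f"2024-01-01T00:00:{i:02d} 10.0.0.5 NULL {label}.t.example.")
        host = ("www", "mail", "intranet")[i % 3]
        lines.append(f"2024-01-01T00:00:{i:02d} 10.0.0.7 A {host}.corp.example.")
    return lines

if __name__ == "__main__":
    for hit in flag_tunnel_candidates(sample_log()):
        print(hit)
```

On real resolver logs the thresholds need tuning against known-noisy zones (CDNs, telemetry, reverse lookups) before alerting on them.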