Covert Channel Software

vstt - ICMP, POP3 and plain-text tunnel via fifo/socket in/out (2006)


vstt (very strange tunneling tool) is a program written to tunnel TCP connections (you can also tunnel everything else with it, if you can send/receive it via FIFOs). The key feature is that vstt is capable to tunnel the connection trough different protocols what makes it useful in nearly every situation that requires to bypass a firewall. vstt is for legal purposes only!


Key Features
  • blank TCP steam socket tunnels for IPv4 & IPv6 (98% done)
  • POP3 tunnel (hide data in POP3 requests) for IPv4 & IPv6 (92% done, already useful)
  • ICMP ping tunnel for IPv4 (95% done)
    • payload auto-fragmentation and re-assembling
    • re-send lost or damaged packets using an own (but slow) reliability protcol
  • accept input/output as TCP stream socket or via FIFO
Currently supported Platforms: i386 & amd64. Others may work too.

Currently supported Operating Systems: OpenBSD (tested on 4.0-current), Linux 2.6 (tested on 2.6.18)

Documentation
 
You can find the documentation in the sub directory doc/ of the .tgz file in form of a .pdf file as well as in form of a .tex file.

The online documentation can be found here.

Download
 
You can download all released versions of vstt here: http://www.wendzel.de/dr.org/files/Projects/vstt/.

Open Tasks
  • Solaris port
  • Port to big-endian platforms
  • find+fix the bug in the POP3 tunnel stuff that happens if you tunnel SSH over POP3
  • implement DNS tunnels
  • implement ICMPv6 tunnels
  • (strong) encryption

 

phcct - protocol hopping covert channel tool (PoC, 2007)

phcct (protocol hopping covert channel tool) is a tiny and basic proof of concept implementation of a protocol hopping covert channel (cf. my publications). In short, a protocol hopping covert channel is able to signal covert information while switching utilized network protocols to stay hidden.

Key Features
  • randomized tunneling trough 3 different TCP protocols
Currently supported Platforms: i386 & amd64. Others may work too.

Currently supported Operating Systems: OpenBSD (tested on 4.2-current), Linux 2.6 (tested on 2.6.22.x)

Download
 
You can download all released versions of phcct here: http://www.wendzel.de/dr.org/files/Projects/phcct/.

Open Tasks
  • add encryption
  • add support for additional protocols
  • add a packet mixing mode
  • kernel based implementation

 

pct - protocol channel tool (PoC, 2008)

pct (protocol channel tool) is a tiny and basic proof of concept implementation of a protocol channel (cf. list of my publications). In short, a protocol channel signals covert information only by the use of an element of a set of protocols.

Download
 
You can download the PoC code here: http://www.wendzel.de/dr.org/files/Projects/pct/.