- Make sure you cloned the submodules:
git submodule init && git submodule update
CodeSigning.xcconfigand fill in
DEVELOPMENT_TEAMwith your Team ID (found here) and choose a unique
PurpleHaze.xcodeprojand build it.
Read iodine’s documentations for instructions on setting up a server. Once you have
iodined running on your computer and the nameserver pointed to your IP, you can tunnel into the private subnet created by
iodined from Purple Haze. Note that without additional configuration, you cannot use the tunnel to browse the web (or connect to WAN). You can then setup a SSH tunnel (by connecting to
10.0.0.1 or whatever your iodine server IP is set to) or a HTTP(S) proxy and configuring Purple Haze to use that proxy in the advanced settings.
If you are running
iodined on a Linux machine/VM, then you can do the following to forward the TAP traffic to the internet.
# sysctl -e net.ipv4.ip_forward=1 # iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.224.0 -o eth0 -j MASQUERADE
10.0.0.0/255.255.224.0 is the IP/subnet of your
iodined TAP interface and
eth0 is the Ethernet interface.) Note this could pose a security issue as Iodine’s authentication is pretty weak.
- Make sure you built and are running the same release of iodine server from GitHub as the client in Purple Haze.
- Iodine server seems more stable on Linux than macOS. If you are having trouble connecting to iodined, try running it from a Linux VM.
- Try running iodine client on your computer on the same network to debug connection issues.
- DNS tunneling to bypass paid WiFi is a well known trick and likely won’t work on any modern network.
What’s with the name?
- “Purple Haze” is a great Jimi Hendrix song.
- Iodine, the DNS tunnel this project is based off (itself named after the atomic number 53 which is also the port number for DNS), is a purple gas at room temperature.
- Purple was the codename for the original iPhone.