godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google, Cloudflare but also contains the ability to use traditional DNS.
When looking at this traffic using an HTTP proxy, this conversation looks something like this:
All you would need are the
godoh binaries themselves. Binaries are available for download from the releases page as part of tagged releases.
godoh from source, follow the following steps:
go get -v -u github.com/golang/dep/cmd/dep)
src/ directory so that it is in
dep ensure to resolve dependencies
make key to generate a unique encryption key to use for communication
go build tools, or run
make to build the binaries in the
$ godoh -h
A DNS (over-HTTPS) C2
By @leonjza from @sensepost
agent Connect as an Agent to the DoH C2
c2 Starts the godoh C2 server
help Help about any command
receive Receive a file via DoH
send Send a file via DoH
test Test DNS communications
-d, --domain string DNS Domain to use. (ie: example.com)
-h, --help help for godoh
-p, --provider string Preferred DNS provider to use. [possible: google, cloudflare, raw] (default "google")
Use "godoh [command] --help" for more information about a command.
godoh is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.