A DNS-over-HTTPS Command & Control Proof of Concept
godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google, Cloudflare but also contains the ability to use traditional DNS.
When looking at this traffic using an HTTP proxy, this conversation looks something like this:
All you would need are the
godoh binaries themselves. Binaries are available for download from the releases page as part of tagged releases.
godoh from source, follow the following steps:
- Ensure you have dep installed (
go get -v -u github.com/golang/dep/cmd/dep)
- Clone this repository to your
src/directory so that it is in
dep ensureto resolve dependencies
make keyto generate a unique encryption key to use for communication
- Use the
gobuild tools, or run
maketo build the binaries in the
$ godoh -h A DNS (over-HTTPS) C2 Version: dev By @leonjza from @sensepost Usage: godoh [command] Usage: godoh [command] Available Commands: agent Connect as an Agent to the DoH C2 c2 Starts the godoh C2 server help Help about any command receive Receive a file via DoH send Send a file via DoH test Test DNS communications Flags: -d, --domain string DNS Domain to use. (ie: example.com) -h, --help help for godoh -p, --provider string Preferred DNS provider to use. [possible: google, cloudflare, raw] (default "google") Use "godoh [command] --help" for more information about a command.
godoh is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.