A DNS-over-HTTPS Command & Control Proof of Concept


godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google, Cloudflare but also contains the ability to use traditional DNS.

When looking at this traffic using an HTTP proxy, this conversation looks something like this:


All you would need are the godoh binaries themselves. Binaries are available for download from the releases page as part of tagged releases.

To build godoh from source, follow the following steps:

  • Ensure you have dep installed (go get -v -u github.com/golang/dep/cmd/dep)
  • Clone this repository to your $GOPATH’s src/ directory so that it is in sensepost/godoh
  • Run dep ensure to resolve dependencies
  • Run make key to generate a unique encryption key to use for communication
  • Use the go build tools, or run make to build the binaries in the build/ directory


$ godoh -h
A DNS (over-HTTPS) C2
    Version: dev
    By @leonjza from @sensepost

  godoh [command]

  godoh [command]

Available Commands:
  agent       Connect as an Agent to the DoH C2
  c2          Starts the godoh C2 server
  help        Help about any command
  receive     Receive a file via DoH
  send        Send a file via DoH
  test        Test DNS communications

  -d, --domain string     DNS Domain to use. (ie: example.com)
  -h, --help              help for godoh
  -p, --provider string   Preferred DNS provider to use. [possible: google, cloudflare, raw] (default "google")

Use "godoh [command] --help" for more information about a command.


godoh is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.

Share this post


Welcome to Cyber-Security.tk my personal blog to share my knowledge
Cyber Security, Ethical Hacking, Web & Network Auditing, Reverse Engineering and Cryptography
This website don't use analytics tracking and is ads-free. JavaScript is enabled .


Contact Form : Connect with Us

    Ricochet : ricochet:3ka6l4q255cakeirgxupsl5i4lw3qpk5gmngtv5amax64hckuovgozyd

2023 © 0x1 | Cyber Security Consulting - Copyright All Rights Reserved