Someone recently asked for SSL support for C2 communications, but I think it is the wrong approach because some security products perform SSL interception and obtain clear-text visibility of all the data, as explained by this also great project: https://github.com/Mr-Un1k0d3r/ThunderShell

For this reason if I had to choose I would rather prefer to use weak XOR over HTTP than using HTTPS.

If you want to make this project even more awesome I would suggest AES over HTTP for encrypted communications, as used in this simple but elegant reverse shell: https://www.trustedsec.com/2012/03/building-a-native-http-shell-with-aes-in-python/

Also, AES over HTTP is a lot easier to implement than SSL in my opinion.

Keep it up, great project and thanks for sharing it.

Cool thanks