Please don't add SSL support
Deos-1 opened this issue · comments
Someone recently asked for SSL support for C2 communications, but I think it is the wrong approach because some security products perform SSL interception and obtain clear-text visibility of all the data, as explained by this also great project: https://github.com/Mr-Un1k0d3r/ThunderShell
For this reason if I had to choose I would rather prefer to use weak XOR over HTTP than using HTTPS.
If you want to make this project even more awesome I would suggest AES over HTTP for encrypted communications, as used in this simple but elegant reverse shell: https://www.trustedsec.com/2012/03/building-a-native-http-shell-with-aes-in-python/
Also, AES over HTTP is a lot easier to implement than SSL in my opinion.
Keep it up, great project and thanks for sharing it.
Cool thanks