zmap / zgrab2

Fast Go Application Scanner

Using zgrab2 to discover DNS over HTTPS servers

thomslor opened this issue · comments

For research studies, I'm trying to discover DNS over HTTPS resolvers in the wild by using zmap combined with zgrab2.

I use zmap to get a list of IPs with port 443 open and after that filter these addresses by sending an HTTP GET query corresponding to a DoH query for google.com.

I tried to adapt curl queries to zgrab2, without much success. Here is my try:

echo 1.1.1.1 | zgrab2 http --custom-headers-names='Accept' --custom-headers-values='application/dns-json' --max-redirects=4 --endpoint=/dns-query?name=google.com&type=A

Do you have ideas to make this work?

zgrab2 http defaults to plain HTTP over port TCP/80. Just add --use-https --port 443 to your command line (also, protect the --endpoint value with quotes):

echo 1.1.1.1 | \
    zgrab2 http --use-https --port 443 \
        --custom-headers-names='Accept' \
        --custom-headers-values='application/dns-json' \
        --max-redirects=4 \
        --endpoint='/dns-query?name=google.com&type=A'

Thanks! Issue is solved.
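
An open port 443 that answers the GET is not necessarily a DoH resolver, so the zgrab2 results still need filtering. The following is an added example, not code from the thread or from the zgrab2 project: it keeps only targets that returned HTTP 200, an `application/dns-json` content type, and a body that parses as a DNS JSON reply. The output field layout, the helper names and the sample lines are assumptions constructed for illustration.

```python
import json

# Constructed sample lines. The layout (data.http.result.response with status_code,
# headers.content_type, body) is an assumption about zgrab2 http output; verify it.
def _sample(ip, code, ctype, body):
    resp = {"status_code": code, "headers": {"content_type": [ctype]}, "body": body}
    return json.dumps(
        {"ip": ip, "data": {"http": {"status": "success", "result": {"response": resp}}}})

SAMPLE_OUTPUT = [
    _sample("192.0.2.10", 200, "application/dns-json",
            '{"Status":0,"Question":[{"name":"google.com","type":1}],"Answer":[]}'),
    _sample("192.0.2.20", 200, "text/html; charset=utf-8", "<html>hello</html>"),
    _sample("192.0.2.30", 404, "application/dns-json", "{}"),
    _sample("192.0.2.40", 200, "application/dns-json", "not json"),
    '{"ip": "192.0.2.50", "data": {"http": {"status": "connection-timeout"}}}',
    "truncated line {",
]

def header_values(headers, name):
    wanted = name.lower().replace("-", "_")  # match content_type and Content-Type
    for key, value in (headers or {}).items():
        if key.lower().replace("-", "_") == wanted:
            return value if isinstance(value, list) else [value]
    return []

def doh_resolver_ip(line):
    # Return the target IP if this result is a real DoH JSON answer, else None.
    try:
        record = json.loads(line)
        http = record["data"]["http"]
        if http.get("status") != "success":
            return None
        resp = http["result"]["response"]
        ctypes = header_values(resp.get("headers"), "Content-Type")
        is_dns_json = any(
            str(ct).split(";")[0].strip().lower() == "application/dns-json" for ct in ctypes)
        if resp.get("status_code") != 200 or not is_dns_json:
            return None
        doc = json.loads(resp.get("body") or "")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    # A DNS JSON reply has a numeric RCODE in "Status" and echoes the "Question".
    if isinstance(doc, dict) and isinstance(doc.get("Status"), int) and "Question" in doc:
        return record.get("ip")
    return None

def find_doh_resolvers(lines):
    return [ip for ip in map(doh_resolver_ip, lines) if ip]
```

In a real run, pass the lines of the zgrab2 output file to `find_doh_resolvers` instead of `SAMPLE_OUTPUT`.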