home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-hunting-for-domain-fronting-c2-traffic-skill-md

debuggingtools

hunting-for-domain-fronting-c2-traffic

Name: hunting-for-domain-fronting-c2-traffic
Author: mukul975

Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection

View Source debugging

maintainer

mukul975

Updated 4/6/2026

Stars

4240

Forks

464

quick start

Installation and usage

Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection

Installation

$ install --globalskills.sh

Usage

Once installed, you can use this skill by running the following command in your terminal:

skills use hunting-for-domain-fronting-c2-traffic