id: detect-dns-over-https

info:
  name: Detect DNS over HTTPS
  author: geeknik
  reference:
    - https://developers.google.com/speed/public-dns/docs/doh/
    - https://developers.cloudflare.com/1.1.1.1/dns-over-https/wireformat
  severity: info
  tags: dns,doh,misc

requests:
  - method: GET
    path:
      - "{{BaseURL}}/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"
    headers:
      Accept: application/dns-message

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "application/dns-message"

      - type: regex
        part: header
        regex:
          - "(C|c)ontent-(L|l)ength: 49"