Skip to content

MrSaighnal/google-sheets-socks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
DEF CON 33
DEF CON 33
 
 
images
images
 
 
video
video
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
client.go
client.go
 
 
goproxy.go
goproxy.go
 
 
server.go
server.go
 
 

Repository files navigation

gssocks
twitter

GSSocks - Google Sheets SOCKS

Google Sheets SOCKS (GSS) is a post exploitation tool that implements SOCKS5 proxy channel using Google Sheets as the middle-man.
It enables SOCKS5-like proxying over spreadsheets, making it a powerful alternative when it’s too risky or impractical to deploy a classic C2 infrastructure.

✅ No need for VPS, DNS tunneling, or custom domains; just Google Sheets and a service account.

🧠 Concept

GSSocks creates a covert communication channel between a client (running on the attaccker system) and a server (deployed on target system).
All traffic is tunneled through Google Sheets in base64-encoded chunks, simulating SOCKS5 behavior internally.

  • The client writes data to the sheet using a connection ID and a role tag (client).
  • The server reads and processes this data, opens the target connection, and sends the response back via the same sheet (server role).
  • This allows arbitrary TCP connections from inside hardened environments with only Google services whitelisted.

⚙️ How It Works

  1. Client opens a local TCP listener (default: :9191) and encodes all data in base64.
  2. Each chunk is written to Google Sheets using a unique connID.
  3. Server polls Google Sheets:
    • Waits for SOCKS5 handshake data
    • Parses the target address from the payload
    • Connects to the real destination
  4. Server response is encoded, uploaded, and later read by the client.
  5. Communication continues asynchronously, chunk by chunk.

📷 Screenshots

Coming soon...

🚀 Usage

  1. Create a Google Sheet and share it with the Service Account email.
  2. Place the Google Sheet ID inside the client and server files
  3. Place the service account JSON inside the rawCredentials array.
  4. Build the tools:
go build -o client ./client.go
go build -o server ./server.go
go build -o goproxy ./goproxy.go
  1. Deploy the server and the goproxy binaries on the target machine and run it
  2. Run the client on the attacker machine
  3. configure proxychains to connect by using Socks5 protocol on port 9191
  4. Use your favourite tool via proxychains

🏴 Presented at DEF CON 33

RATs & Socks abusing Google Service

Google Calendar RAT: Infrastructure-less Command & Control and GSSocks

DEF CON 33
Originally showcased live at DEF CON 33, demonstrating covert C2 and SOCKS proxying over Google Services.

Disclaimer and notes GSSocks has been made in Italy with ❤️

Please do not use it for illegal purpose. I take no responsibility for the use that will be made of it.

About

SOCKS5 over Google (sheets) Service - DEF CON 33 Talk

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages