Documentation ¶
Overview ¶
Package http implements the Client interface and contains the structures and functions to communicate to the Merlin server over the HTTP protocol
Index ¶
- type Client
- func (client *Client) Authenticate(msg messages.Base) (err error)
- func (client *Client) Construct(msg messages.Base) (data []byte, err error)
- func (client *Client) Deconstruct(data []byte) (messages.Base, error)
- func (client *Client) Get(key string) (value string)
- func (client *Client) Initial() (err error)
- func (client *Client) Listen() (returnMessages []messages.Base, err error)
- func (client *Client) Send(m messages.Base) (returnMessages []messages.Base, err error)
- func (client *Client) Set(key string, value string) (err error)
- func (client *Client) Synchronous() bool
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct { Authenticator authenticators.Authenticator Client merlinHTTP.Client // Client to send messages with ClientType merlinHTTP.Type Protocol string // Protocol contains the transportation protocol the agent is using (i.e., http2 or smb-reverse) URL []string // A slice of URLs to send messages to (e.g., https://127.0.0.1:443/test.php) Host string // HTTP Host header value Proxy string // Proxy string ProxyUser string // ProxyUser string ProxyPass string // ProxyPass string JWT string // JSON Web Token for authorization Headers map[string]string // Additional HTTP headers to add to the request UserAgent string // HTTP User-Agent value PaddingMax int // PaddingMax is the maximum size allowed for a randomly selected message padding length Parrot string // Parrot is a feature of the github.com/refraction-networking/utls to mimic a specific browser JA3 string // JA3 is a string that represents how the TLS client should be configured, if applicable AgentID uuid.UUID // AgentID the Agent's unique identifier sync.Mutex // contains filtered or unexported fields }
Client is a type of MerlinClient that is used to send and receive Merlin messages from the Merlin server
func (*Client) Authenticate ¶
Authenticate is the top-level function used to authenticate an agent to server using a specific authentication protocol The function must take in a Base message for when the C2 server requests re-authentication through a message
func (*Client) Construct ¶
Construct takes in a messages.Base structure that is ready to be sent to the server and runs all the configured transforms on it to encode and encrypt it. Transforms will go from last in the slice to first in the slice
func (*Client) Deconstruct ¶
Deconstruct takes in data returned from the server and runs all the Agent's transforms on it until a messages.Base structure is returned. The key is used for decryption transforms
func (*Client) Initial ¶
Initial contains all the steps the agent and/or the communication profile need to take to set up and initiate communication with the server. If the agent needs to authenticate before it can send messages, that process will occur here.
func (*Client) Listen ¶
Listen waits for incoming data on an established connection, deconstructs the data into a Base messages, and returns them
func (*Client) Send ¶
Send takes in a Merlin message structure, performs any encoding or encryption, and sends it to the server. The function also decodes and decrypts response messages and returns a Merlin message structure. This is where the client's logic is for communicating with the server.
func (*Client) Synchronous ¶
Synchronous identifies if the client connection is synchronous or asynchronous, used to determine how and when messages can be sent/received.
type Config ¶
type Config struct { AgentID uuid.UUID // AgentID the Agent's UUID Protocol string // Protocol contains the transportation protocol the agent is using (i.e., http2 or smb-reverse) Host string // Host is used with the HTTP Host header for Domain Fronting activities Headers string // Headers is a new-line separated string of additional HTTP headers to add to client requests URL []string // URL is the protocol, domain, and page that the agent will communicate with (e.g., https://google.com/test.aspx) Proxy string // Proxy is the URL of the proxy that all traffic needs to go through, if applicable ProxyUser string // ProxyUser is the username for the proxy, if applicable ProxyPass string // ProxyPass is the password for the proxy, if applicable UserAgent string // UserAgent is the HTTP User-Agent header string that Agent will use while sending traffic Parrot string // Parrot is a feature of the github.com/refraction-networking/utls to mimic a specific browser PSK string // PSK is the Pre-Shared Key secret the agent will use to start authentication JA3 string // JA3 is a string that represents how the TLS client should be configured, if applicable Padding string // Padding is the max amount of data that will be randomly selected and appended to every message AuthPackage string // AuthPackage is the type of authentication the agent should use when communicating with the server Opaque []byte // Opaque is the byte representation of the EnvU object used with the OPAQUE protocol (future use) Transformers string // Transformers is an ordered comma seperated list of transforms (encoding/encryption) to apply when constructing a message InsecureTLS bool // InsecureTLS is a boolean that determines if the InsecureSkipVerify flag is set to true or false ClientType string // ClientType is the type of WINDOWS http client to use (e.g., WinINet, WinHTTP, etc.) }
Config is a structure used to pass in all necessary information to instantiate a new Client