Documentation
Overview
There are a few things the parser/module does not account for with the profile:
- The parser/module does not check the header details of the profile.
- The parser/module does not validate the verb set in the profile. By default it treats GET requests as valid for the http-get block and POST requests as valid for the http-post block. Example: this module will block all traffic if the http-get block is set with `set verb "POST"`.
- The http-stager `set uri_x86` and `set uri_x64` options are added to the AllowedGets array.

The PowerShell Empire framework uses the same profile structure as Cobalt Strike.
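An added example, not the module's own code: a minimal Go parser that shows how the limitations above shape the resulting allow-lists. The `parse` helper, the sample profile and its paths are constructed for illustration; `http-stager`, `uri_x86` and `uri_x64` are Cobalt Strike's block and option names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample profile: the http-get block sets its verb to POST.
const sample = `http-stager {
    set uri_x86 "/s32";
    set uri_x64 "/s64";
}
http-get {
    set uri "/news /feed";
    set verb "POST";
}
http-post {
    set uri "/submit";
}`

var blockRe = regexp.MustCompile(`^\s*([\w-]+)[^{;]*\{`)
var setRe = regexp.MustCompile(`^\s*set\s+(\w+)\s+"([^"]*)"\s*;`)

// parse is a hypothetical helper, not the module's ParseCobaltStrike. It reads only the URI
// options (`set verb` is never consulted) and assumes one statement per line, no braces in strings.
func parse(profile string) (gets, posts []string) {
	dest := map[string]*[]string{"http-get.uri": &gets, "http-post.uri": &posts,
		"http-stager.uri_x86": &gets, "http-stager.uri_x64": &gets}
	block, depth := "", 0
	for _, line := range strings.Split(profile, "\n") {
		if m := blockRe.FindStringSubmatch(line); m != nil && depth == 0 {
			block = m[1] // name of the top-level block being entered
		}
		if m := setRe.FindStringSubmatch(line); m != nil && depth == 1 {
			if d := dest[block+"."+m[1]]; d != nil {
				*d = append(*d, strings.Fields(m[2])...) // space-separated URIs
			}
		}
		depth += strings.Count(line, "{") - strings.Count(line, "}")
	}
	return gets, posts
}

func main() {
	gets, posts := parse(sample)
	fmt.Println("GET:", gets)   // stager URIs plus /news and /feed
	fmt.Println("POST:", posts) // /news is absent although the profile asks for POST
}
```

With this profile, a POST to `/news` matches neither list, which is the "block all traffic" case described in the overview.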
Index
- type C2Profile
- func (C2Profile) CaddyModule() caddy.ModuleInfo
- func (m *C2Profile) Cleanup() error
- func (m *C2Profile) Match(r *http.Request) bool
- func (m *C2Profile) ParseCobaltStrike() error
- func (m *C2Profile) ParseEmpire() error
- func (m *C2Profile) Provision(ctx caddy.Context) error
- func (m *C2Profile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
Types
type C2Profile
type C2Profile struct {
	// The path of the C2 profile file
	Profile string `json:"profile"`
	// The C2 framework
	Framework string `json:"framework"`
	// Profile data
	Data []byte
	// A list of attributes to get from the profiles
	Useragent    string
	AllowedGets  []string
	AllowedPosts []string
	// contains filtered or unexported fields
}
func (C2Profile) CaddyModule
func (C2Profile) CaddyModule() caddy.ModuleInfo
func (*C2Profile) ParseCobaltStrike
Parses a Cobalt Strike profile to get the User-Agent, URIs, and headers.
func (*C2Profile) ParseEmpire
Parses an Empire profile to get the User-Agent, URIs, and headers.