Open MaorSabag opened 2 weeks ago
Just tried to replicate it, everything is working fine, maybe try generating with -d
and post the logs of the client?
Screenshot with -d
options:
Oh I did not use wininet driver, can you try without that?
Got a few insights 😅
Without the driver
parameter set but with a proxy set on the Windows host, got the same results:
Without the driver
parameter set and without the proxy set on the Windows host, got a successful result:
Seems like a bug. I'm dealing with an organization proxy, thus the proxy options should be included if I want to use my frontdoor.
Yes seems like a bug, I don't have the time right now but maybe others can look into it.
I don't see any references to WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY
which should detect the proxy automatically.
But I am not too sure.
I had a very similar problem, but with Cloudflare instead of Azure. I solved it by removing the driver=wininet
parameter when generating a beacon e.g.
generate beacon --http http://cdnjs.com?host-header=XXXXXXXX.worker.dev --seconds 5 --jitter 4 --save /tmp/beacon_http2.exe
I had a very similar problem, but with Cloudflare instead of Azure. I solved it by removing the
driver=wininet
parameter when generating a beacon e.g.generate beacon --http http://cdnjs.com?host-header=XXXXXXXX.worker.dev --seconds 5 --jitter 4 --save /tmp/beacon_http2.exe
Do you have any ideas on how I'd do this using CloudFront?
Describe the bug I have a frontdoor setup on azure for domain fronting (for example: frontdoor.azureedge.net), when generating an http/s payload and setting the host-header to the azure domain, it does not set it up when the payload is executed.
To Reproduce Steps to reproduce the behavior:
generate --http ajax.microsoft.com/api?driver=wininet&host-header=frontdoor.azureedge.net --skip-symbols
Expected behavior the host header should be: frontdoor.azureedge.net with the domain of ajax.microsoft.com.
Screenshots The request sent from the payload:
Working request to the azure frontdoor by setting the host header manually:
Desktop (please complete the following information):
Additional context Even tried to change the code manually (eventhough I'm so sure about), set the req.Host = "frontdoor.azureedge.net". But it had not effect on the request.