Sliver proxy connection leak User-agent

BishopFox / sliver

Adversary Emulation Framework

GNU General Public License v3.0

8.55k stars 1.13k forks source link

Sliver proxy connection leak User-agent #1775

Open nikaiw opened 2 months ago

nikaiw commented 2 months ago

Describe the bug With default configuration, when a beacon connect through a proxy, sliver seems to leak it's user-agent. "Go-http-client" To Reproduce Steps to reproduce the behavior: generate a beacon with proxy

Expected behavior sliver use it's randomly generated user-agent Screenshots

alcastronic commented 2 weeks ago

Can confirm this behavior. It uses the Go-Http-Client user agent in the Connect request.

$ python3 htt.py 
Server started http://xxx.xxx.xxx.xxx:3123

[+] CONNECT method called!
Host: api.example.com:443
User-Agent: Go-http-client/1.1

[+] POST method called!
Host: api.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Length: 294
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip

alcastronic commented 2 weeks ago

This might be a solution, https://stackoverflow.com/questions/39577378/golang-net-http-transport-proxy-connect-method-header-supporting. Have not tested it yet, and I'm not really a go programmer, but it looks promising.