MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent
BSD 3-Clause "New" or "Revised" License

No connection behind apache2 rev proxy #55

Status: closed (russokiwi closed this issue 2 years ago)

russokiwi commented 2 years ago

Hi, I've got a setup of apache2 terminating a domain and routing 443 for various services. For Apollo the config is:

        ProxyPass /6666index http://127.0.0.1:6666
        ProxyPassReverse /6666index http://127.0.0.1:6666

I then have a Mythic http C2 profile / listener on port 6666. The OPSEC check passes, like so:

    Configuration Check message from http:
    Failed to find port, 443, in C2 Profile configuration
    This could indicate the use of a redirector, or a mismatch in expected connectivity.

    This means there should be the following connectivity for success:
    Agent via HTTPS on port 443 to https://www.example.com/6666index (should be a redirector).
    Redirector then forwards request to C2 Profile container on one of the following ports: [{"port": 9999, "use_ssl": false}, {"port": 6666, "use_ssl": false}]

Server address (in the payload config) is set to https://www.example.com/6666index. I've also tried, as an alternative, changing the URI in the payload config (i.e. Server Name set to https://www.example.com and URI set to 6666index/Index).

In both options I get no connection. Why not? Thanks!

djhohnstein commented 2 years ago

I'd crack open dnSpy, throw Apollo.exe into it, and see if the field Endpoint is populated correctly on the DefaultProfile class. Then, I'd check to see if your reverse proxy is actually receiving connections from the agent itself. If it's receiving connections but not forwarding to Mythic, that's the link in the chain that's broken. From your error messages I also see a mismatch in protocols. You specified a callback of https://example.com/ whereas you're forwarding to a non-SSL enabled C2 profile container (that's the {"port": 6666, "use_ssl": false}). Specifying the HTTP profile to use SSL should solve your issue.

russokiwi commented 2 years ago

Sorry for the late reply, I just got to testing this, and the outcome is negative unfortunately. I've implemented the change as suggested but put it on port 9999 (for the SSL) instead of 6666. Not quite sure, however, how the advice will work in theory. For example, externally we're looking at https://example.com (let's call this the external end-point, ep), which has Let's Encrypt certs and terminates the SSL; that in turn, if it sees a URI of /9999index, redirects it to the internal non-SSL ep, http://127.0.0.1/9999 index address, as per the apache reverse proxy config. So let's change to SSL as suggested (I guess I could use privately signed certs; Let's Encrypt will not support it due to being in a private LAN), and leave the listening port on 9999 for the internal ep, so I've done this. I also left the callback port number on 443 so the agent knows the external port to call back to (assuming that's logical; the agent in theory doesn't need to know the internal port, that's the job of the apache proxy). So anyway, I've tried this, no connect. Any other suggestions? I have Metasploit and Covenant working under the same reverse proxy configuration (where the external ep terminates SSL and the internal is HTTP). There are, however, specific override settings in those that allow for such a config. Here's the updated OPSEC output:

    OPSEC message from http: Basic OPSEC Check Passed

    Configuration Check message from http:
    Failed to find port, 443, in C2 Profile configuration
    This could indicate the use of a redirector, or a mismatch in expected connectivity.

    This means there should be the following connectivity for success:
    Agent via HTTPS on port 443 to https://example.com/9999index (should be a redirector).
    Redirector then forwards request to C2 Profile container on one of the following ports: [{"port": 9999, "use_ssl": true}, {"port": 6666, "use_ssl": false}]

    Alternatively, this might mean that you want to do SSL but are not using SSL within your C2 Profile container. To add SSL to your C2 profile:

      1. Go to the C2 Profile page
      2. Click configure for the http profile
      3. Change 'use_ssl' to 'true' and make sure the port is 443
      4. Click to stop the profile and then start it again

Thanks very much!
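As an added example (not code from the Apollo or Mythic projects, and not part of this thread), the following Python models the two links the thread argues about: the configuration check's reasoning about the agent's callback URL against the profile container's port list, and what an Apache `ProxyPass <prefix> <backend>` line does to the agent's request path before it reaches the container. The hostnames, ports, paths and the ProxyPass line are the ones posted above; the rule that mod_proxy matches the prefix on path-segment boundaries is my reading of mod_proxy and is an assumption here, as is the constructed "direct, no redirector" callback used for contrast.

```python
"""Model the http C2 profile 'Configuration Check' and the Apache ProxyPass hop."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_callback(url):
    """Split an agent callback URL into (scheme, host, port, path), filling in the
    scheme's default port when the URL does not name one."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme], parts.path or "/"


def check_callback(url, profile_ports):
    """Reproduce the reasoning behind the 'Failed to find port ...' message.

    profile_ports is the [{"port": int, "use_ssl": bool}, ...] list the check prints.
    Returns a dict with the callback port, whether a redirector is implied, and a
    list of human-readable issues (empty when the callback lines up directly)."""
    scheme, _host, port, path = parse_callback(url)
    direct = [p for p in profile_ports if p["port"] == port]
    issues = []
    if not direct:
        issues.append(
            f"port {port} is not a C2 profile port; a redirector must forward to one of "
            f"{sorted(p['port'] for p in profile_ports)}"
        )
    if scheme == "https" and direct and not direct[0]["use_ssl"]:
        issues.append(f"callback is https but profile port {port} has use_ssl=false")
    if scheme == "https" and not direct and not any(p["use_ssl"] for p in profile_ports):
        issues.append(
            "callback is https but no profile port has use_ssl=true: either the redirector "
            "terminates TLS and speaks plain http to the container, or use_ssl must be enabled"
        )
    return {"scheme": scheme, "port": port, "path": path, "redirector": not direct, "issues": issues}


def map_proxy_path(proxy_pass_prefix, backend, request_path):
    """Resolve where `ProxyPass <prefix> <backend>` sends a request path.

    Assumption: mod_proxy matches the prefix on path-segment boundaries, so
    '/6666index' matches '/6666index' and '/6666index/index' but not '/6666indexfoo'.
    Returns the backend URL the request is forwarded to, or None if it does not match."""
    if proxy_pass_prefix.endswith("/"):
        if not request_path.startswith(proxy_pass_prefix):
            return None
        rest = "/" + request_path[len(proxy_pass_prefix):]
    else:
        if request_path != proxy_pass_prefix and not request_path.startswith(proxy_pass_prefix + "/"):
            return None
        rest = request_path[len(proxy_pass_prefix):]
    return backend.rstrip("/") + rest


def diagnose(url, proxy_pass_prefix, backend, profile_ports):
    """Walk the chain agent -> redirector -> container and return one line per finding."""
    result = check_callback(url, profile_ports)
    lines = [f"agent calls back to {url} (port {result['port']}, redirector={result['redirector']})"]
    forwarded = map_proxy_path(proxy_pass_prefix, backend, result["path"])
    if forwarded is None:
        lines.append(f"ProxyPass {proxy_pass_prefix} does not match path {result['path']!r}: request never reaches the container")
    else:
        lines.append(f"ProxyPass {proxy_pass_prefix} forwards {result['path']} to {forwarded}")
    lines.extend("issue: " + i for i in result["issues"])
    return lines


if __name__ == "__main__":
    # Values from the thread: TLS terminated by apache on 443, plain-http containers behind it.
    ports = [{"port": 9999, "use_ssl": False}, {"port": 6666, "use_ssl": False}]
    for line in diagnose("https://www.example.com/6666index", "/6666index", "http://127.0.0.1:6666", ports):
        print(line)
```

The diagnosis only tells you whether the configured hops are consistent with each other; confirming that packets actually traverse them still means watching the apache access log for the agent's requests and the container's log for the forwarded ones, as the maintainer suggests.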