its-a-feature
commented
1 year ago Just tested your finding and it seems to work just fine, so I updated the http code to not set that if there's nothing in the proxy_dict. Thanks for finding that!
Closed coolcoolnoworries closed 1 year ago
its-a-feature
commented
1 year ago Just tested your finding and it seems to work just fine, so I updated the http code to not set that if there's nothing in the proxy_dict. Thanks for finding that!
coolcoolnoworries
commented
1 year ago Thank you, I appreciate it!
Ran into an interesting problem. If an apfell payload is generated without specifying proxy information, and the apfell payload is run on say a corporate machine that requires proxy authentication, apfell will not be able to talk out. This sounds obvious. But it WILL work if you comment out the lines containing: session_config.connectionProxyDictionary = $(this.proxy_dict);
Its like the NSURLSession object is still attempting to use the proxy_dict object, even though its empty. Commenting out the lines appears to allow the apfell JXA to reference the system proxy settings and egress successfully.
The issue here is that during an operation, there would be no way to know the proxy info ahead of time, so requiring the hardcoding of this information in order for apfell to function isn't ideal. Maybe add some logic to check if the proxy_dict object is empty, and if so, it skips the connectionProxyDictionary call? Thanks in advance.
OS: Big Sur System Version: macOS 11.6.6 (20G624) Kernel Version: Darwin 20.6.0 Model Name: MacBook Pro Model Identifier: MacBookPro15,1 Mythic version: v2.3.9