C2 redirector based on Caddy

Generates a Caddyfile from C2 malleable profiles.

Prerequisite: `set trust_x_forwarded_for "true";` must already be enabled in the C2 malleable profile.

1. Generate self-signed certificates with `self-signed-cert.py`:

   ```
   python3 self-signed-cert.py -t [Https Server]
   ```

   The generated `localhost.*` files are written to `core/cert-out`.

2. Enable `set trust_x_forwarded_for "true";` in the C2 malleable profile.

3. Define the `Host` and `Referer` headers in each client block of the C2 malleable profile.

   :warning: Note: the fake sub-domain must exist in the self-signed certificate's SAN (subject alternative name) attribute.

4. Copy the C2 profile into RedCaddy. I use threatexpress's `jquery-c2.4.3.profile` as the demonstration profile.

5. Edit the redirection rules in `chains.list`. A rule such as

   ```
   443:https:192.168.128.64:10001
   ```

   means that incoming traffic on `*:443` is forwarded to `https://192.168.128.64:10001` (the C2 backend).

   Q: What is "warden"?

   A: Warden is a whitelist feature that protects your teamserver port. It generates a random link containing random secure strings, and a user cannot connect to the teamserver before that link has been triggered ("warden" behind `443` means the link is handled on port 443).

6. Pass the arguments that `generator.py` needs, then hit enter:

   ```
   python3 generator.py -f geacon_jd_pro.profile -r forward-chains.list -c CN -vps-ip 1.1.1.1
   ```

7. Finally, run Caddy with the Caddyfile just generated :)

   ```
   sudo ./run.sh
   ```

8. Optional: build a custom Caddy with specific modules:

   ```
   git clone https://github.com/XiaoliChan/RedCaddy-core.git
   cd cmd/caddy
   go get github.com/aksdb/caddy-cgi/v2
   go get github.com/XiaoliChan/caddy-maxmind-geolocation@self
   CGO_ENABLED=0 go build
   upx --best --lzma caddy
   ```
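The `chains.list` rule format in step 5 (`<listen_port>:<scheme>:<backend_host>:<backend_port>`) is easy to get subtly wrong, and a malformed rule is better caught before a Caddyfile is generated from it. The following validator is an added example and is not part of RedCaddy or its `generator.py`; the only thing it takes from the README is the four-field, colon-separated rule. Everything else is an assumption: that blank lines and `#` comments are ignored, that the backend host is an IPv4 address or a DNS hostname (IPv6 literals contain colons and would not survive the four-field split), and that two rules may not claim the same listen port. The sample rule list is constructed for the example.

```python
"""Validate chains.list-style redirect rules before a Caddyfile is built.

Added example, not RedCaddy's own code. Assumed rule format (from the README):
    <listen_port>:<scheme>:<backend_host>:<backend_port>
Assumptions beyond the README: blank lines and '#' comments are ignored,
backend_host is an IPv4 address or a DNS hostname, and two rules may not
claim the same listen port.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"([a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*"
    r"[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$"
)


@dataclass(frozen=True)
class Chain:
    listen_port: int
    scheme: str
    backend_host: str
    backend_port: int

    @property
    def backend_url(self) -> str:
        return f"{self.scheme}://{self.backend_host}:{self.backend_port}"


def _parse_port(text: str, field: str) -> int:
    if not text.isdigit():
        raise ValueError(f"{field} {text!r} is not a number")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"{field} {port} is outside 1-65535")
    return port


def _check_host(host: str) -> str:
    try:
        ipaddress.IPv4Address(host)  # raises AddressValueError (a ValueError) if not IPv4
        return host
    except ipaddress.AddressValueError:
        pass
    if not _HOSTNAME_RE.match(host):
        raise ValueError(f"backend host {host!r} is neither an IPv4 address nor a hostname")
    return host


def parse_chain(line: str) -> Chain:
    """Parse one rule; raises ValueError with a reason on any malformed field."""
    parts = line.strip().split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}: {line!r}")
    listen, scheme, host, backend = parts
    scheme = scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError(f"scheme {scheme!r} must be http or https")
    return Chain(
        _parse_port(listen, "listen port"),
        scheme,
        _check_host(host),
        _parse_port(backend, "backend port"),
    )


def parse_chains(text: str) -> List[Chain]:
    """Parse a whole rule file, reporting the line number of the first bad rule."""
    chains: List[Chain] = []
    seen: Dict[int, int] = {}  # listen port -> line number that claimed it
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        try:
            chain = parse_chain(line)
        except ValueError as exc:
            raise ValueError(f"chains.list line {lineno}: {exc}") from exc
        if chain.listen_port in seen:
            raise ValueError(
                f"chains.list line {lineno}: port {chain.listen_port} "
                f"already used on line {seen[chain.listen_port]}"
            )
        seen[chain.listen_port] = lineno
        chains.append(chain)
    return chains


def is_valid_chains(text: str) -> bool:
    """True if every rule in the text parses and no listen port is reused."""
    try:
        parse_chains(text)
        return True
    except ValueError:
        return False


# Constructed sample; the first rule is the README's own example.
SAMPLE_CHAINS = """\
# constructed sample chains.list
443:https:192.168.128.64:10001
80:http:192.168.128.64:10002   # plain-HTTP listener
"""

if __name__ == "__main__":
    for chain in parse_chains(SAMPLE_CHAINS):
        print(f"*:{chain.listen_port} -> {chain.backend_url}")
```

Running the file prints one `*:<port> -> <backend URL>` line per rule; feeding it a file with a bad scheme, an out-of-range port, a missing field or a reused listen port raises a `ValueError` naming the offending line, which is the point at which you want to stop rather than after Caddy has loaded a half-correct config.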
Q: Why not use the JSON or YAML format?

A: Sorry, I don't know how to write a Caddyfile in JSON/YAML format.

Q: Can it respond with 404 for unmatched routes?

A: Well, Caddy can't do this ¯\_(ツ)_/¯.