chvancooten / NimPlant

A light-weight first-stage C2 implant written in Nim.
MIT License

Get accurate IP for redirectors #5

Closed vysecurity closed 1 year ago

vysecurity commented 1 year ago

What does it do?

Takes the external IP address from the HTTP packet if it exists to display the IP address of the external client instead of the intermediate proxy.

How did you do it?

Added retrieval of the information from HTTP header.

chvancooten commented 1 year ago

Since no verification depends on external IPs this fix should be fine. Theoretically, there could be cases where X-Forwarded-For contains multiple IP addresses I think, so potentially it needs some hardening there to prevent bugs. Looks good otherwise, will include it for 1.1 👍

chvancooten commented 1 year ago

Added a commit in the Dev branch that implements this a bit more robustly. Feel free to play around with it and let me know if it works well for your intended use case as well!

vysecurity commented 1 year ago

It's alright if it contains multiple IP addresses ;-) sometimes you need the path.

chvancooten commented 1 year ago

Which path do you mean? The parsed header should always point to the first IP address in the chain, right?
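Added example, not part of the original thread and not NimPlant's own code: one way to parse an `X-Forwarded-For` value that may hold several addresses, returning the first address for display and the full chain as the path. The function names, the hop cap and the sample addresses are assumptions; the header is supplied by the client, so the result is suitable for display only, in line with the comment above that no verification depends on it.

```python
import ipaddress

MAX_HOPS = 16  # assumed cap so an oversized header cannot bloat logs or the UI


def _normalize(token):
    """Strip an optional port or IPv6 brackets; return a canonical IP string."""
    token = token.strip()
    if token.startswith("["):            # e.g. "[2001:db8::1]:443"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # e.g. "203.0.113.7:51000"
        token = token.split(":", 1)[0]
    return str(ipaddress.ip_address(token))  # raises ValueError if not an IP


def parse_forwarded_for(header_value, peer_addr):
    """Return (client_ip, chain) for display purposes only.

    header_value: raw X-Forwarded-For value, or None if the header is absent.
    peer_addr:    address of the directly connected peer (the last proxy).
    If any entry is not a valid IP, the whole header is discarded, because a
    partly forged value says nothing reliable about the remaining entries.
    """
    tokens = [t for t in (header_value or "").split(",") if t.strip()]
    if not tokens or len(tokens) > MAX_HOPS:
        return peer_addr, [peer_addr]
    try:
        chain = [_normalize(t) for t in tokens]
    except ValueError:
        return peer_addr, [peer_addr]
    chain.append(peer_addr)              # the connecting proxy ends the path
    return chain[0], chain


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for value in ("203.0.113.7, 198.51.100.2", "[2001:DB8::1]:443", "<b>x</b>", None):
        print(repr(value), "->", parse_forwarded_for(value, "10.0.0.5"))
```

Because every entry is validated as an IP address before it is returned, markup or control characters placed in the header never reach a log line or an operator-facing page.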