HTTP Client Notifyer

[webiummedia]

Really intresting RAT. Congrats!

A feature that is missing would be the ability to turn on the clients webcam. Also something that would be appreciated would be the use of a remote http client notifyer query based. something.com/ip=%IP%&date=%DATE%&port=%PORT%[...]

Using a query based remote client list offers better anonimity ...

Everytime the user goes online the info would be send off to the online notifyer. Leving no traces or way to find the IP of the remote administrator.

[webiummedia]

Also i don't know if this was implemented yet as i have not tester the rat yet. But the ability to open stuff as a hidden window would be great.

Considering this rate is under dev, would be great to have an option to update the remote client with a newer client. It would then suicide the previous one and replace with the newer one from one push of a button.

[yankejustin]

Executing a program is already possible on QuasarRat, Updating is also possible on QuasarRat. Website visiting is also possible on QuasarRat. Here is another issue opened just for webcam capture. Use this issue instead.

[webiummedia]

It's not about website visiting ... it's about making the rat send the notification information to a web based logger.

[MaxXor]

Good suggestion, the RAT can send client information to a desired website. We could add something like a HTTP-Control for the RAT to allow more interaction.

[yankejustin]

@webiummedia Just make sure to have a separate issue for each suggestion or problem. I closed this issue due to the enhancements suggested that Quasar already has, but the first suggestion is actually a valid enhancement that we don't have yet. Just to clear things up. :)

[rabbitsmith]

What does this do. Somebody please explain the method.

[webiummedia]

When a server goes online it will send a set of GET vars to the provided URL. The external logger can then receive the data with out providing your no-ip inside the rat. Once you receive the GET vars, you can use the provided info to access the remote client. It can also be used as an SMS/email service notification when a client goes online. It would open the door to a whole new set of outside tools that could be builded by comunity members/users.

The whole idea is to log the connexions in a web based envirement. Using the provided info (Client IP, PORT, Username, Password), we can force a login from the quasar software.

Why would that be good? Well this whay you don't leave any IP/NO-IP inside the rat. The external logger can be secured on a hosting free of any problems and you can connect to it using a VPN or a proxy. Good luck in investigating that lol

If this feature gets added, i can build a PHP logger script to add on this repo.

[werkamsus]

I wanted to suggest this for ages - glad to See somebody finally got around to actually doing so. @webiummedia wouldn't POST requests be better? If you encrypt them (there is a native api i know that does that, don't have a link atm but it's called CSharp2PHP or something, can be found on codeproject) it would be way more secure, since anyone who has Access to the accessed web pages (URLs would suffice) (ie. Internet providers, mim attacks etc) could then use that info to either access the client without permission or expose your information. (Please ignore any typos, writing this on a mobile device without english autocorrect \o/)

[webiummedia]

Sure POST or GET / Encrypted or not would be a good feature. As for the security, the online logger can have a password feature when opened to avoid anybody to actually see the log and also the POST/GET to be logged can have a security string set in the builder that would prove that the data is legit.

[werkamsus]

@webiummedia I'm not talking about the security of the Web Panel, but about the security of the data that is being transmitted. If you were to send a completely unencrypted GET request (ie. example.com/?id=1&info=testString) it would be completely exposed to anyone with access to your last viewed sites etc. (ISP for example). That wouldn't be an issue with an AES (or otherwise) encrypted POST request, since they would only see a URL like example.com/phpScript and no real data.

[webiummedia]

Sure that's a good suggestion.

[rabbitsmith]

Will a web panel be implemented. If this HTTP Client notifier is used, it can only be used for reverse connections right?.

[werkamsus]

You could also add some 'on client startup' command that will be executed the next time the client goes online (uninstall, update etc). This wouldn't really be possible otherwise since the client would have to be online as a prerequisite in order for information to be transmitted to it.

[rabbitsmith]

Will a web panel be implemented. If this HTTP Client notifier is used, it can only be used for reverse connections right?.

[webiummedia]

@rabbitsmith Yes it could be used to establish a connection. Once we have the client ip/port/password i guess we have everything needed to establish a connection. It would just require a manual client input.

[alete89]

This feature is determinant when deciding to use or not this RAT. The fact that the client needs server critical information such as IP, ie. scares me (unless I'm misunderstanding something).

[yankejustin]

@alete89 No clue why it would scare you unless you are using it for the wrong reasons. :tongue: