commit
6ab613bdd3
23
README.md
23
README.md
|
@ -30,6 +30,7 @@ THANK YOU to all of the authors of the content referenced in this wiki and to al
|
|||
- [iptables for HTTP](#iptables-for-http)
|
||||
- [Payloads and Web Redirection](#payloads-and-web-redirection)
|
||||
- [C2 Redirection](#c2-redirection)
|
||||
- [C2 Redirection with HTTPS](#C2-redirection-with-https)
|
||||
- [Other Apache mod_rewrite Resources](#other-apache-mod_rewrite-resources)
|
||||
- [Modifying C2 Traffic](#modifying-c2-traffic)
|
||||
- [Cobalt Strike](#cobalt-strike)
|
||||
|
@ -311,6 +312,26 @@ The intention behind redirecting C2 traffic is twofold: obscure the backend team
|
|||
* [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
|
||||
* [Expand Your Horizon Red Team – Modern SAAS C2 - Alex Rymdeko-Harvey (@killswitch-gui)](https://cybersyndicates.com/2017/04/expand-your-horizon-red-team/)
|
||||
|
||||
### C2 Redirection with HTTPS
|
||||
|
||||
Building on "C2 Redirection" above, another method is to have your redirecting server use Apache's SSL Proxy Engine to accept inbound SSL requests, and proxy those to requests to a reverse-HTTPS listener. Encryption is used at all stages, and you can rotate SSL certificates on your redirector as needed.
|
||||
|
||||
To make this work with your mod_rewrite rules, you need to place your rules in **"/etc/apache2/sites-available/000-default-le-ssl.conf"** assuming you've used LetsEncrypt (aka CertBot) to install your certificate. Also, to enable the SSL ProxyPass engine, you'll need the following lines in that same config file:
|
||||
|
||||
```bash
|
||||
# Enable the Proxy Engine
|
||||
SSLProxyEngine On
|
||||
|
||||
# Tell the Proxy Engine where to forward your requests
|
||||
ProxyPass / https://DESTINATION_C2_URL:443/
|
||||
ProxyPassReverse / https://DESTINATION_C2_URL:443/
|
||||
|
||||
# Disable Cert checking, useful if you're using a self-signed cert
|
||||
SSLProxyCheckPeerCN off
|
||||
SSLProxyCheckPeerName off
|
||||
SSLProxyCheckPeerExpire off
|
||||
```
|
||||
|
||||
### Other Apache mod_rewrite Resources
|
||||
* [mod-rewrite-cheatsheet.com](http://mod-rewrite-cheatsheet.com/)
|
||||
* [Official Apache 2.4 mod_rewrite Documentation](http://httpd.apache.org/docs/current/rewrite/)
|
||||
|
@ -452,4 +473,4 @@ A BIG THANK YOU to all the following people (listed alphabetically) who contribu
|
|||
* [@n0pe_sled - Julian Catrambone](https://twitter.com/n0pe_sled)
|
||||
* [@tifkin_ - Lee Christensen](https://twitter.com/tifkin_)
|
||||
* [@vysecurity - Vincent Yiu](https://twitter.com/vysecurity)
|
||||
* [@xorrior - Chris Ross](https://twitter.com/xorrior)
|
||||
* [@xorrior - Chris Ross](https://twitter.com/xorrior)
|
||||
|
|
Loading…
Reference in New Issue