Updated README.md to include SSL Redirector tips

Using SSL Proxy Engine in Apache
master
Jeremy 2017-08-06 21:40:05 -07:00 committed by GitHub
parent 2fbad06825
commit c9f2cd4254
1 changed files with 22 additions and 1 deletions

@ -30,6 +30,7 @@ THANK YOU to all of the authors of the content referenced in this wiki and to al
- [iptables for HTTP](#iptables-for-http) - [iptables for HTTP](#iptables-for-http)
- [Payloads and Web Redirection](#payloads-and-web-redirection) - [Payloads and Web Redirection](#payloads-and-web-redirection)
- [C2 Redirection](#c2-redirection) - [C2 Redirection](#c2-redirection)
- [C2 Redirection with HTTPS](#C2-redirection-with-https)
- [Other Apache mod_rewrite Resources](#other-apache-mod_rewrite-resources) - [Other Apache mod_rewrite Resources](#other-apache-mod_rewrite-resources)
- [Modifying C2 Traffic](#modifying-c2-traffic) - [Modifying C2 Traffic](#modifying-c2-traffic)
- [Cobalt Strike](#cobalt-strike) - [Cobalt Strike](#cobalt-strike)
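Review bot: The new table-of-contents entry links to `#C2-redirection-with-https` with a capital "C", while every other anchor in this list is lowercase (for example `#c2-redirection`). GitHub generates heading anchors in lowercase, so this link will likely not jump to the new section. Suggest changing it to `#c2-redirection-with-https` to match the neighbouring entries.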
@ -311,6 +312,26 @@ The intention behind redirecting C2 traffic is twofold: obscure the backend team
* [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/) * [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
* [Expand Your Horizon Red Team Modern SAAS C2 - Alex Rymdeko-Harvey (@killswitch-gui)](https://cybersyndicates.com/2017/04/expand-your-horizon-red-team/) * [Expand Your Horizon Red Team Modern SAAS C2 - Alex Rymdeko-Harvey (@killswitch-gui)](https://cybersyndicates.com/2017/04/expand-your-horizon-red-team/)
### C2 Redirection with HTTPS
Building on "C2 Redirection" above, another method is to have your redirecting server use Apache's SSL Proxy Engine to accept inbound SSL requests, and proxy those to requests to a reverse-HTTPS listener. Encryption is used at all stages, and you can rotate SSL certificates on your redirector as needed.
To make this work with your mod_rewrite rules, you need to place your rules in **"/etc/apache2/sites-available/000-default-le-ssl.conf"** assuming you've used LetsEncrypt (aka CertBot) to install your certificate. Also, to enable the SSL ProxyPass engine, you'll need the following lines in that same config file:
```bash
# Enable the Proxy Engine
SSLProxyEngine On
# Tell the Proxy Engine where to forward your requests
ProxyPass / https://DESTINATION_C2_URL:443/
ProxyPassReverse / https://DESTINATION_C2_URL:443/
# Disable Cert checking, useful if you're using a self-signed cert
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
```
### Other Apache mod_rewrite Resources ### Other Apache mod_rewrite Resources
* [mod-rewrite-cheatsheet.com](http://mod-rewrite-cheatsheet.com/) * [mod-rewrite-cheatsheet.com](http://mod-rewrite-cheatsheet.com/)
* [Official Apache 2.4 mod_rewrite Documentation](http://httpd.apache.org/docs/current/rewrite/) * [Official Apache 2.4 mod_rewrite Documentation](http://httpd.apache.org/docs/current/rewrite/)
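Review bot: The paragraph says "Encryption is used at all stages", but the three `SSLProxyCheckPeerCN off`, `SSLProxyCheckPeerName off` and `SSLProxyCheckPeerExpire off` lines turn off validation of the backend certificate, so the proxy-to-listener hop is encrypted but the peer is not authenticated. The comment "Disable Cert checking, useful if you're using a self-signed cert" should state that consequence and make clear these lines are only needed in the self-signed case, not as a default. Two smaller points in the same hunk: the fence is tagged `bash` although the content is Apache configuration (the `apache` tag would highlight it correctly), and "proxy those to requests to a reverse-HTTPS listener" has a stray "to" and should read "proxy those requests to".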
@ -452,4 +473,4 @@ A BIG THANK YOU to all the following people (listed alphabetically) who contribu
* [@n0pe_sled - Julian Catrambone](https://twitter.com/n0pe_sled) * [@n0pe_sled - Julian Catrambone](https://twitter.com/n0pe_sled)
* [@tifkin_ - Lee Christensen](https://twitter.com/tifkin_) * [@tifkin_ - Lee Christensen](https://twitter.com/tifkin_)
* [@vysecurity - Vincent Yiu](https://twitter.com/vysecurity) * [@vysecurity - Vincent Yiu](https://twitter.com/vysecurity)
* [@xorrior - Chris Ross](https://twitter.com/xorrior) * [@xorrior - Chris Ross](https://twitter.com/xorrior)