Auto-detect proxy settings attempts and ignore proxy not working #1282

Open
Green-m opened this issue Jun 6, 2023 · 4 comments
Labels: bug (Something isn't working), investigating

Comments


Green-m commented Jun 6, 2023

Describe the bug

I am trying to generate a beacon and run it on my Mac. There is a proxy; the beacon parsed it and connected back through the proxy. It failed, and it never tried to ignore the proxy and connect back directly. This is different from the docs.

To Reproduce
Steps to reproduce the behavior:

  1. Generate: generate beacon --http http://<mysliverserver>?proxy= --http http://<mysliverserver> --os darwin --arch arm64 --save ./ -d
  2. Run the beacon on an M1 Mac.

Expected behavior
The beacon should try to detect the proxy and try to ignore the proxy when the connection through the proxy fails.

Desktop (please complete the following information):

  • macOS M1
  • 13.2 (22D49)

Additional context

The log here:

2023/06/06 16:39:06 sliver.go:97: Hello my name is SPANISH_MANSERVANT
2023/06/06 16:39:06 limits.go:58: Limit checks completed
2023/06/06 16:39:06 sliver.go:114: Running in Beacon mode with ID: 453541a0-5bfd-459f-913d-60d669856678
2023/06/06 16:39:06 beacon.go:101: Starting beacon loop ...
2023/06/06 16:39:06 transports.go:41: Starting c2 url generator () ...
2023/06/06 16:39:06 transports.go:104: Return generator: (chan *url.URL)(0x14000102720)
2023/06/06 16:39:06 beacon.go:117: Recv from c2 generator ...
2023/06/06 16:39:06 transports.go:92: Yield c2 uri = 'http://<mysliverserver>'
2023/06/06 16:39:06 transports.go:92: Yield c2 uri = 'http://<mysliverserver>'
2023/06/06 16:39:06 beacon.go:121: Next CC = http://<mysliverserver>
2023/06/06 16:39:06 beacon.go:167: Beaconing -> http://<mysliverserver>
2023/06/06 16:39:06 beacon.go:121: Next CC = http://<mysliverserver>
2023/06/06 16:39:06 beacon.go:167: Beaconing -> http://<mysliverserver>
2023/06/06 16:39:06 transports.go:92: Yield c2 uri = 'http://<mysliverserver>'
2023/06/06 16:39:06 sliver.go:123: Next beacon = &{<reducted> http://<mysliverserver> }
2023/06/06 16:39:06 provider_darwin.go:260: [proxy.Provider.parseProxyInfo]: ProxyBypass="192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,127.0.0.1,localhost,*.local,timestamp.apple.com,sequoia.apple.com,siri.apple.com,", targetUrl=https://<mysliverserver>, bypass=false
2023/06/06 16:39:06 gohttp.go:84: Found proxy &proxy.proxy{protocol:"", host:"127.0.0.1", port:0x1ed2, user:(*url.Userinfo)(nil), src:"State:/Network/Global/Proxies"}
2023/06/06 16:39:06 gohttp.go:91: Proxy URL = 'https://127.0.0.1:7890'
2023/06/06 16:39:06 httpclient.go:652: [http] segments = [v1 rest auth], filename = rpc, ext = php
2023/06/06 16:39:06 crypto.go:189: TOTP Code (2023-06-06 08:39:06.338013 +0000 UTC): 94173199
2023/06/06 16:39:06 httpclient.go:339: [http] POST -> https://<mysliverserver>/v1/rest/auth/rpc.html?fm=941p73b199&t=c355f15083 (106 bytes)
2023/06/06 16:39:06 httpclient.go:345: [http] http response error: Post "https://<mysliverserver>/v1/rest/auth/rpc.html?fm=941p73b199&t=c355f15083": proxyconnect tcp: EOF
2023/06/06 16:39:06 provider_darwin.go:260: [proxy.Provider.parseProxyInfo]: ProxyBypass="192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,127.0.0.1,localhost,*.local,timestamp.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com", targetUrl=http://<mysliverserver>, bypass=false
2023/06/06 16:39:06 gohttp.go:84: Found proxy &proxy.proxy{protocol:"", host:"127.0.0.1", port:0x1ed2, user:(*url.Userinfo)(nil), src:"State:/Network/Global/Proxies"}
2023/06/06 16:39:06 gohttp.go:91: Proxy URL = 'https://127.0.0.1:7890'
2023/06/06 16:39:06 httpclient.go:652: [http] segments = [authenticate], filename = index, ext = php
2023/06/06 16:39:06 crypto.go:189: TOTP Code (2023-06-06 08:39:06.356195 +0000 UTC): 94173199
2023/06/06 16:39:06 httpclient.go:339: [http] POST -> http://<mysliverserver>/authenticate/index.html?lo=94173199&s=389u493m28 (106 bytes)
2023/06/06 16:39:06 httpclient.go:345: [http] http response error: Post "http://<mysliverserver>/authenticate/index.html?lo=94173199&s=389u493m28": proxyconnect tcp: EOF
2023/06/06 16:39:06 beacon.go:180: [beacon] http(s) connection error Post "http://<mysliverserver>/authenticate/index.html?lo=94173199&s=389u493m28": proxyconnect tcp: EOF
2023/06/06 16:39:06 sliver.go:150: Beacon init error: Post "http://<mysliverserver>/authenticate/index.html?lo=94173199&s=389u493m28": proxyconnect tcp: EOF
2023/06/06 16:39:06 sliver.go:136: Reconnect sleep: 1m0s

Green-m commented Jun 6, 2023

I think the problem is caused by the proxy setting, because when I disabled the proxy on macOS, the beacon connected successfully as it should.

@Seenux

This comment was marked as off-topic.


Seenux commented Jul 7, 2023

