Fallback to Direct Connection when HTTP Proxy Connection Fails #1295
This should already be the default behavior, is there a bug in the existing implementation or how does this differ?
@moloch-- I think there is a bug in the implementation. Here is the log from an implant before the PR:
The implant tries to connect through to the HTTPS C2 through the proxy then the HTTP C2 through the proxy. But when it wakes up from the reconnect sleep, it tries to connect through the proxy again. It never tries to connect directly from what I observed. I thought I could fix this by modifying the transport parameters on the fly. For example, we could change
Addresses #1282. Adds a new advanced HTTP C2 option called `fallback` that tells the implant to attempt a direct connection to the C2 server if connection via a proxy server fails.

Generating the implant:

The order of the connections is as described in the documentation when `fallback` is true: HTTPS with proxy, HTTP with proxy, HTTPS direct, HTTP direct:

The PR adds a C2 entry for a direct connection to the C2 server if the `fallback` option is set to true and the `wininet` driver is not specified. By default, `fallback` is not set. The C2 with proxy server is kept in the rotation in case the connection can go through it on future attempts.
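For defenders, the connection order described in this PR leaves a recognisable trace: failed proxy requests followed by direct connections to the same destination. The sketch below is an added example (not code from the PR or from Sliver) that correlates the two; the event tuple layout, host names and 300-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not from the PR). Assumed layout:
# (epoch_seconds, src_host, route, scheme, dest, ok)
# route is "proxy" for requests seen in the web-proxy log and "direct" for
# outbound connections seen at the egress firewall that bypassed the proxy.
SAMPLE_EVENTS = [
    (1000, "ws-17", "proxy", "https", "c2.example.test", False),
    (1002, "ws-17", "proxy", "http", "c2.example.test", False),
    (1005, "ws-17", "direct", "https", "c2.example.test", False),
    (1007, "ws-17", "direct", "http", "c2.example.test", True),
    # Proxy path recovers, so the later direct connection is not correlated.
    (1010, "ws-22", "proxy", "https", "updates.example.test", False),
    (1020, "ws-22", "proxy", "https", "updates.example.test", True),
    (1030, "ws-22", "direct", "https", "updates.example.test", True),
    # Direct connection far outside the correlation window.
    (2000, "ws-30", "proxy", "https", "cdn.example.test", False),
    (9000, "ws-30", "direct", "https", "cdn.example.test", True),
]


def find_proxy_fallback(events, window=300):
    """Return one finding per (host, dest) where a direct connection follows
    failed proxy attempts to the same destination within `window` seconds."""
    pending = defaultdict(list)  # (host, dest) -> [(ts, scheme)] of proxy failures
    findings = {}
    for ts, host, route, scheme, dest, ok in sorted(events):
        key = (host, dest)
        if route == "proxy":
            if ok:
                pending.pop(key, None)  # proxy works again: reset the state
            else:
                pending[key].append((ts, scheme))
            continue
        # Direct connection: keep only proxy failures inside the window.
        recent = [s for t, s in pending.get(key, []) if ts - t <= window]
        if not recent:
            continue
        finding = findings.setdefault(key, {
            "host": host, "dest": dest, "proxy_failures": recent,
            "direct_attempts": [], "direct_succeeded": False,
        })
        finding["direct_attempts"].append(scheme)
        finding["direct_succeeded"] = finding["direct_succeeded"] or ok
    return list(findings.values())


if __name__ == "__main__":
    for f in find_proxy_fallback(SAMPLE_EVENTS):
        print(f)
```

On networks where egress policy requires the proxy, a finding with `direct_succeeded` set also indicates a firewall rule that allows proxy bypass.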