diff --git a/client/assets/c2profiles.go b/client/assets/c2profiles.go index 4cddcf4938..04d3784441 100644 --- a/client/assets/c2profiles.go +++ b/client/assets/c2profiles.go @@ -32,10 +32,10 @@ type HTTPC2ServerConfig struct { } type NameValueProbability struct { - Name string `json:"name"` - Value string `json:"value"` - Probability int `json:"probability"` - Methods []string + Name string `json:"name"` + Value string `json:"value"` + Probability int `json:"probability"` + Methods []string `json:"methods"` } // HTTPC2ImplantConfig - Implant configuration options @@ -56,7 +56,7 @@ type HTTPC2ImplantConfig struct { NonceQueryArgChars string `json:"nonce_query_args"` URLParameters []NameValueProbability `json:"url_parameters"` - Headers []NameValueProbability `json:"headers"` + Headers []NameValueProbability `json:"client_headers"` MaxFiles int `json:"max_files"` MinFiles int `json:"min_files"` diff --git a/client/command/c2profiles/c2profiles.go b/client/command/c2profiles/c2profiles.go index 8437977773..a16007230d 100644 --- a/client/command/c2profiles/c2profiles.go +++ b/client/command/c2profiles/c2profiles.go @@ -453,6 +453,17 @@ func C2ConfigToProtobuf(profileName string, config *assets.HTTPC2Config) *client }) } + for _, clientHeader := range config.ImplantConfig.Headers { + for _, method := range clientHeader.Methods { + httpC2Headers = append(httpC2Headers, &clientpb.HTTPC2Header{ + Method: method, + Name: clientHeader.Name, + Value: clientHeader.Value, + Probability: int32(clientHeader.Probability), + }) + } + } + implantConfig := &clientpb.HTTPC2ImplantConfig{ UserAgent: config.ImplantConfig.UserAgent, ChromeBaseVersion: int32(config.ImplantConfig.ChromeBaseVersion), diff --git a/implant/sliver/transports/httpclient/httpclient.go b/implant/sliver/transports/httpclient/httpclient.go index a86552ce10..8eee99b7fc 100644 --- a/implant/sliver/transports/httpclient/httpclient.go +++ b/implant/sliver/transports/httpclient/httpclient.go @@ -238,7 +238,7 @@ func (s *SliverHTTPClient) newHTTPRequest(method string, uri *url.URL, body io.R Name string Value string Probability string - Methods []string + Method string } // HTTP C2 Profile headers @@ -248,20 +248,15 @@ func (s *SliverHTTPClient) newHTTPRequest(method string, uri *url.URL, body io.R Name: "{{$header.Name}}", Value: "{{$header.Value}}", Probability: "{{$header.Probability}}", - Methods: []string{ - // {{range $method := $header.Methods}} - "{{$method}}", - // {{end}} - }, + Method: "{{$header.Method}}", }, // {{end}} } + for _, header := range extraHeaders { - // Empty array means all methods (backwards compatibility) - if len(header.Methods) > 0 { - if !contains(header.Methods, method) { - continue - } + + if len(header.Method) > 0 && header.Method != method { + continue } // {{if .Config.Debug}} log.Printf("Rolling to add HTTP header '%s: %s' (%s)", header.Name, header.Value, header.Probability) diff --git a/server/db/helpers.go b/server/db/helpers.go index 869423d60f..db256e2252 100644 --- a/server/db/helpers.go +++ b/server/db/helpers.go @@ -470,6 +470,13 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2 return err.Error } + err = Session().Where(&models.HttpC2Header{ + HttpC2ServerConfigID: &clientID, + }).Delete(&models.HttpC2Header{}) + if err.Error != nil { + return err.Error + } + err = Session().Where(&models.ImplantConfig{ ID: clientID, }).Updates(c2Config.ImplantConfig) @@ -487,6 +494,16 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2 } } + for _, header := range c2Config.ImplantConfig.Headers { + header.HttpC2ImplantConfigID = &clientID + err = Session().Clauses(clause.OnConflict{ + UpdateAll: true, + }).Create(&header) + if err.Error != nil { + return err.Error + } + } + serverID, _ := uuid.FromString(oldConf.ServerConfig.ID) err = Session().Where(&models.HttpC2Cookie{