Documentation
¶
Overview ¶
Package http implements the Client interface and contains the structures and functions to communicate to the Merlin server over the HTTP protocol
Index ¶
- type Client
- func (client *Client) Authenticate(msg messages.Base) (err error)
- func (client *Client) Construct(msg messages.Base) (data []byte, err error)
- func (client *Client) Deconstruct(data []byte) (messages.Base, error)
- func (client *Client) Get(key string) (value string)
- func (client *Client) Initial() (err error)
- func (client *Client) Listen() (returnMessages []messages.Base, err error)
- func (client *Client) Send(m messages.Base) (returnMessages []messages.Base, err error)
- func (client *Client) Set(key string, value string) (err error)
- func (client *Client) Synchronous() bool
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
Authenticator authenticators.Authenticator
Client merlinHTTP.Client // Client to send messages with
ClientType merlinHTTP.Type
Protocol string // Protocol contains the transportation protocol the agent is using (i.e., http2 or smb-reverse)
URL []string // A slice of URLs to send messages to (e.g., https://127.0.0.1:443/test.php)
Host string // HTTP Host header value
Proxy string // Proxy string
ProxyUser string // ProxyUser string
ProxyPass string // ProxyPass string
JWT string // JSON Web Token for authorization
Headers map[string]string // Additional HTTP headers to add to the request
UserAgent string // HTTP User-Agent value
PaddingMax int // PaddingMax is the maximum size allowed for a randomly selected message padding length
Parrot string // Parrot is a feature of the github.com/refraction-networking/utls to mimic a specific browser
JA3 string // JA3 is a string that represents how the TLS client should be configured, if applicable
AgentID uuid.UUID // AgentID the Agent's unique identifier
sync.Mutex
// contains filtered or unexported fields
}
Client is a type of MerlinClient that is used to send and receive Merlin messages from the Merlin server
func (*Client) Authenticate ¶
Authenticate is the top-level function used to authenticate an agent to server using a specific authentication protocol The function must take in a Base message for when the C2 server requests re-authentication through a message
func (*Client) Construct ¶
Construct takes in a messages.Base structure that is ready to be sent to the server and runs all the configured transforms on it to encode and encrypt it. Transforms will go from last in the slice to first in the slice
func (*Client) Deconstruct ¶
Deconstruct takes in data returned from the server and runs all the Agent's transforms on it until a messages.Base structure is returned. The key is used for decryption transforms
func (*Client) Initial ¶
Initial contains all the steps the agent and/or the communication profile need to take to set up and initiate communication with the server. If the agent needs to authenticate before it can send messages, that process will occur here.
func (*Client) Listen ¶
Listen waits for incoming data on an established connection, deconstructs the data into a Base messages, and returns them
func (*Client) Send ¶
Send takes in a Merlin message structure, performs any encoding or encryption, and sends it to the server. The function also decodes and decrypts response messages and returns a Merlin message structure. This is where the client's logic is for communicating with the server.
func (*Client) Synchronous ¶
Synchronous identifies if the client connection is synchronous or asynchronous, used to determine how and when messages can be sent/received.
type Config ¶
type Config struct {
AgentID uuid.UUID // AgentID the Agent's UUID
Protocol string // Protocol contains the transportation protocol the agent is using (i.e., http2 or smb-reverse)
Host string // Host is used with the HTTP Host header for Domain Fronting activities
Headers string // Headers is a new-line separated string of additional HTTP headers to add to client requests
URL []string // URL is the protocol, domain, and page that the agent will communicate with (e.g., https://google.com/test.aspx)
Proxy string // Proxy is the URL of the proxy that all traffic needs to go through, if applicable
ProxyUser string // ProxyUser is the username for the proxy, if applicable
ProxyPass string // ProxyPass is the password for the proxy, if applicable
UserAgent string // UserAgent is the HTTP User-Agent header string that Agent will use while sending traffic
Parrot string // Parrot is a feature of the github.com/refraction-networking/utls to mimic a specific browser
PSK string // PSK is the Pre-Shared Key secret the agent will use to start authentication
JA3 string // JA3 is a string that represents how the TLS client should be configured, if applicable
Padding string // Padding is the max amount of data that will be randomly selected and appended to every message
AuthPackage string // AuthPackage is the type of authentication the agent should use when communicating with the server
Opaque []byte // Opaque is the byte representation of the EnvU object used with the OPAQUE protocol (future use)
Transformers string // Transformers is an ordered comma seperated list of transforms (encoding/encryption) to apply when constructing a message
InsecureTLS bool // InsecureTLS is a boolean that determines if the InsecureSkipVerify flag is set to true or false
ClientType string // ClientType is the type of WINDOWS http client to use (e.g., WinINet, WinHTTP, etc.)
}
Config is a structure used to pass in all necessary information to instantiate a new Client
Source Files