• Stars
    star
    161
  • Rank 233,470 (Top 5 %)
  • Language
    Python
  • Created about 2 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

C2 redirector base on caddy

RedCaddy

C2 redirector base on caddy

Table of content

Overview

Generate caddyfile with c2 malleable profiles

Feature

  • Block IP by GEOIP country
  • Allow requests by header matcher
  • User-agent & IP blacklist
  • Support multiple redirection
  • TeamServer port warden

Note

Quick start

  • Generate self-signed certificate
  • Build the custom caddy with specific modules (optional)
  • Make sure set trust_x_forwarded_for "true"; already enabled in C2 malleable profile
  • Copy your C2 malleable profile into RedCaddy
  • Add your redirect rules into files (E.g chains.list)
  • Finally, generate Caddyfile with the ugly python script.

Step by step

  • 1. Generate self-signed certificates with "self-signed-cert.py" :
    python3 self-signed-cert.py -t [Https Server]
    image As you can see, localhost.* are generated in core/cert-out
    image

  • 2. Enable set trust_x_forwarded_for "true"; in C2 malleable profile
    image

  • 3. Host & Referer headers needed to define in each client blocks of C2 malleable profile
    ⚠️ Note: the fake sub-domain must exists in self-signed certificates SAN (subject alternative name) attribute
    image

  • 4. Copy the C2 profile into RedCaddy
    I use threatexpress‘s jquery-c2.4.3.profile as demonstrate
    image

  • 5. Edit redirection rules in "chains.list"
    443:https:192.168.128.64:10001 means incomming from port *:443 redirect to localhost https://192.168.128.64:10001 (C2 backend)
    image

    Q: What is "warden"?
    A: Warden is a whitelist function feature to protect your teamserver port, this will generate a random link with random secure strings. The user without ability connect to teamserver before trigged it ("warden" behind 443 means handling the link on port 443).

  • 6. Pass arguments the generator.py needed, then hit enter.
    python3 generator.py -f geacon_jd_pro.profile -r forward-chains.list -c CN -vps-ip 1.1.1.1 image

  • 7. Finally, run caddy with caddyfile just generated :)
    sudo ./run.sh image

  • 8. Optional: Build the custom caddy with specific modules

git clone https://github.com/XiaoliChan/RedCaddy-core.git
cd cmd/caddy
go get github.com/aksdb/caddy-cgi/v2
go get github.com/porech/caddy-maxmind-geolocation
CGO_ENABLED=0 go build
upx --best --lzma caddy
  • Q: Why not use json or yaml format?
    A: Sorry, I don't know how to write caddyfile in json/yaml format.

  • Q: Can response 404 with unmatch routes?
    A: Well, caddy can't do this ¯\(ツ)/¯.

Reference