@mrengstrom
Contributor

Description

A fix for the behavior seen in mitre/caldera#2165.
The way things currently run, the C2 connection string is what gets returned in the agent profile to the server, which is used to construct the agent object. The C2 string is nice to have, but places of replacement of #{server} in abilities are expecting the http server, so that seems the more appropriate value to send back.

Ideally we would send back both the http server and the connection strings, so that we could send payloads back and initialize agents with the same C2 channels. This is all more involved as P2P agents beacon in as upstream agents will have to implement web servers for file uploads and C2 channels for communications (all this work is done already for sandcat and it works in this specific way).

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Tested the same scenario as the issue, and was able to reproduce it, then implement a fix that populates out the ability values correctly.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • [NA] I have made corresponding changes to the documentation
  • [NA] I have added tests that prove my fix is effective or that my feature works

@mrengstrom added the bug (Something isn't working) and needs investigation (look into this and validate it's a bug) labels on Jun 25, 2021
@wbooth marked this pull request as draft on July 9, 2021 15:01
@deacon-mp requested a review from Copilot on October 6, 2025 22:57

Copilot AI left a comment

Pull Request Overview

This PR fixes agent profile construction by returning the HTTP server location instead of the C2 connection string. The change addresses an issue where abilities expecting #{server} replacement were receiving the C2 connection string rather than the HTTP server URL they require.

  • Modified buildProfile function to accept and use HTTP server parameter
  • Updated profile creation to set "server" field to HTTP location instead of socket
  • Fixed function call to pass both socket and HTTP parameters
