updating for httpx's updates
its-a-feature committed Nov 26, 2024
1 parent 15d6ccf commit 5e303d2
Showing 6 changed files with 114 additions and 51 deletions.
22 changes: 11 additions & 11 deletions Payload_Type/poseidon/go.mod
@@ -1,21 +1,21 @@
module MyContainer

go 1.22.0
go 1.22.7

toolchain go1.22.2
toolchain go1.23.3

//replace github.com/MythicMeta/MythicContainer => ../../../../MythicMeta/MythicContainer

require (
github.com/MythicMeta/MythicContainer v1.4.7
github.com/MythicMeta/MythicContainer v1.4.9
github.com/google/uuid v1.6.0
github.com/mitchellh/mapstructure v1.5.0
github.com/pelletier/go-toml v1.9.5
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
)

require (
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
@@ -32,12 +32,12 @@ require (
github.com/spf13/viper v1.19.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.19.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.1 // indirect
golang.org/x/net v0.31.0 // indirect
golang.org/x/sys v0.27.0 // indirect
golang.org/x/text v0.20.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
google.golang.org/grpc v1.68.0 // indirect
google.golang.org/protobuf v1.35.2 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
37 changes: 19 additions & 18 deletions Payload_Type/poseidon/go.sum
@@ -1,14 +1,15 @@
github.com/MythicMeta/MythicContainer v1.4.7 h1:Aelo4g18UPr6Po0CnGF3wujyoCUpoqkiVllrCPWUAb0=
github.com/MythicMeta/MythicContainer v1.4.7/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
github.com/MythicMeta/MythicContainer v1.4.9/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -65,23 +66,23 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
6 changes: 6 additions & 0 deletions Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## 2.1.12 - 2024-11-26

### Changed

- Updated httpx implementation to match latest v0.0.0.15 release of httpx

## 2.1.11 - 2024-11-15

### Changed
35 changes: 29 additions & 6 deletions Payload_Type/poseidon/poseidon/agent_code/pkg/profiles/httpx.go
@@ -48,18 +48,19 @@ type AgentVariationConfigMessage struct {
Name string `json:"name" toml:"name"`
}
type AgentVariationConfigClient struct {
Headers map[string]string `json:"headers" toml:"headers"`
Parameters map[string]string `json:"parameters" toml:"parameters"`
Message AgentVariationConfigMessage `json:"message" toml:"message"`
Transforms []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
Headers map[string]string `json:"headers" toml:"headers"`
Parameters map[string]string `json:"parameters" toml:"parameters"`
DomainSpecificHeaders map[string]map[string]string `json:"domain_specific_headers" toml:"domain_specific_headers"`
Message AgentVariationConfigMessage `json:"message" toml:"message"`
Transforms []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
}
type AgentVariationConfigServer struct {
Headers map[string]string `json:"headers" toml:"headers"`
Transforms []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
}
type AgentVariationConfig struct {
Verb string `json:"verb" toml:"verb"`
URI string `json:"uri" toml:"uri"`
URIs []string `json:"uris" toml:"uris"`
Client AgentVariationConfigClient `json:"client" toml:"client"`
Server AgentVariationConfigServer `json:"server" toml:"server"`
}
@@ -434,6 +435,8 @@ func (c *C2HTTPx) increaseErrorCount() {
}
} else if c.DomainRotationMethod == "round-robin" {
c.CurrentDomain = (c.CurrentDomain + 1) % len(c.CallbackDomains)
} else if c.DomainRotationMethod == "random" {
c.CurrentDomain = rand.Intn(len(c.CallbackDomains))
} else {
utils.PrintDebug(fmt.Sprintf("unknown domain rotation method: %s\n", c.DomainRotationMethod))
}
@@ -782,7 +785,9 @@ func (c *C2HTTPx) CreateDynamicMessage(content []byte, isGetTaskingRequest bool)
}
}
bodyBuffer = bytes.NewBuffer(bodyBytes)
url := c.CallbackDomains[c.CurrentDomain] + variation.URI
// select a URI from this variation at random
uriIndex := rand.Intn(len(variation.URIs))
url := c.CallbackDomains[c.CurrentDomain] + variation.URIs[uriIndex]
utils.PrintDebug(fmt.Sprintf("method: %s\nURL: %s\n", variation.Verb, url))
req, err := http.NewRequest(variation.Verb, url, bodyBuffer)
if err != nil {
@@ -816,6 +821,24 @@ func (c *C2HTTPx) CreateDynamicMessage(content []byte, isGetTaskingRequest bool)
req.Header.Set(key, variation.Client.Headers[key])
}
}
for domain, _ := range variation.Client.DomainSpecificHeaders {
if domain == c.CallbackDomains[c.CurrentDomain] {
for key, _ := range variation.Client.DomainSpecificHeaders[domain] {
if key == "Host" {
req.Host = variation.Client.DomainSpecificHeaders[domain][key]
} else if key == "User-Agent" {
req.Header.Set(key, variation.Client.DomainSpecificHeaders[domain][key])
tr.ProxyConnectHeader = http.Header{}
tr.ProxyConnectHeader.Add("User-Agent", variation.Client.DomainSpecificHeaders[domain][key])
} else if key == "Content-Length" {
continue
} else {
req.Header.Set(key, variation.Client.DomainSpecificHeaders[domain][key])
}
}
}

}
// adding query parameters is a little weird in go

for key, _ := range variation.Client.Parameters {
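Review bot: `rand.Intn(len(variation.URIs))` in CreateDynamicMessage panics when `URIs` is empty, since Intn requires a positive argument (assuming `rand` is math/rand; the import is not visible here). A config that still carries the old `uri` key, or an empty `uris` list, decodes to a nil slice, so the process would crash at this line instead of reporting a configuration error. A guard before the index, `if len(variation.URIs) == 0 {`, returning through the same error path as the `http.NewRequest` failure just below it, would make that case explicit. The new `random` branch in increaseErrorCount has the same precondition on `len(c.CallbackDomains)`. Both function bodies continue outside the visible hunks.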
@@ -3,7 +3,7 @@
"callback_interval": 2,
"killdate": "2024-12-31",
"encrypted_exchange_check": true,
"AESPSK": "1EhTUM7jVrdKBOhTLMx+fXT8a77Ge2XOUVNuMuhLSe4=",
"AESPSK": "ye6wt4oUi50HDnoNskj1e5HxIpWQWyJ1BeaSohZtbrk=",
"failover_threshold": 2,
"callback_domains": [
"http://127.0.0.1:82"
@@ -13,58 +13,92 @@
"name": "TEST",
"get": {
"verb": "GET",
"uri": "/my/uri/path",
"uris": [
"/my/uri/path"
],
"client": {
"headers": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
},
"parameters": {
"MyKey": "value"
},
"domain_specific_headers": {
"https://example.com:443": {
"User-Agent": "Test"
}
},
"message": {
"location": "cookie",
"name": "sessionID"
},
"transforms": [
{
"action": "base64url"
"action": "base64url",
"value": ""
}
]
},
"server": {
"headers": {
"Server": "Server",
"Cache-Control": "max-age=0, no-cache"
"Cache-Control": "max-age=0, no-cache",
"Server": "Server"
},
"transforms": [
{"action": "xor", "value": "keyHere"},
{"action": "base64url", "value": ""},
{"action": "prepend", "value": "{\"response\":\""},
{"action": "append", "value": "\"}"}
{
"action": "xor",
"value": "keyHere"
},
{
"action": "base64url",
"value": ""
},
{
"action": "prepend",
"value": "{\"response\":\""
},
{
"action": "append",
"value": "\"}"
},
{
"action": "netbios",
"value": ""
}
]
}
},
"post": {
"verb": "POST",
"uri": "/my/other/path",
"uris": [
"/my/other/path"
],
"client": {
"headers": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
},
"parameters": null,
"domain_specific_headers": null,
"message": {

"location": "",
"name": ""
},
"transforms": [
{"action": "xor", "value": "keyHere"},
{"action": "netbios", "value": ""}
{
"action": "xor",
"value": "keyHere"
},
{
"action": "base64url",
"value": ""
}
]
},
"server": {
"headers": {
"Keep-Alive": "true"
},
"transforms": [
]
"transforms": null
}
}
}
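Review bot: The new `AESPSK` value is a literal base64 key committed with this test config, and the replaced value stays readable in history. If either value was exported from a running instance rather than constructed for the fixture, it should be treated as disclosed and rotated. A clearly labelled placeholder such as `"AESPSK": "<test-only key, generated at test time>"` would remove the doubt. The file name for this section is not visible on the page.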
1 change: 0 additions & 1 deletion Payload_Type/poseidon/poseidon/agentfunctions/head.go
@@ -2,7 +2,6 @@ package agentfunctions

import (
"fmt"

agentstructs "github.com/MythicMeta/MythicContainer/agent_structs"
)
