RedCaddy

C2 redirector based on Caddy

Overview

Generates a Caddyfile from a C2 malleable profile.

Feature

  • Block IPs by GeoIP country
  • Allow requests by header matcher
  • User-Agent and IP blacklists
  • Support for multiple redirections
  • TeamServer port warden

Note

Quick start

  • Generate a self-signed certificate
  • Build the custom Caddy with the required modules (optional)
  • Make sure set trust_x_forwarded_for "true"; is enabled in the C2 malleable profile
  • Copy your C2 malleable profile into RedCaddy
  • Add your redirect rules to a rules file (e.g. chains.list)
  • Finally, generate the Caddyfile with generator.py (an admittedly ugly Python script)

Step by step

  • 1. Generate self-signed certificates with "self-signed-cert.py":
    python3 self-signed-cert.py -t [Https Server]
    The localhost.* files are generated in core/cert-out.

  • 2. Enable set trust_x_forwarded_for "true"; in the C2 malleable profile.

  • 3. Host and Referer headers must be defined in each client block of the C2 malleable profile.
    ⚠️ Note: the fake sub-domain must exist in the self-signed certificate's SAN (subject alternative name) attribute.

  • 4. Copy the C2 profile into RedCaddy.
    I use threatexpress's jquery-c2.4.3.profile for the demonstration.

  • 5. Edit the redirection rules in "chains.list".
    443:https:192.168.128.64:10001 means: incoming traffic on port *:443 is redirected to the local backend https://192.168.128.64:10001 (the C2 backend).

    Q: What is "warden"?
    A: Warden is a whitelist feature that protects your team server port. It generates a random link containing random secure strings, and a user cannot connect to the team server until that link has been triggered ("warden" behind 443 means the link is handled on port 443).

  • 6. Pass the arguments generator.py needs, then hit enter:
    python3 generator.py -f geacon_jd_pro.profile -r forward-chains.list -c CN -vps-ip 1.1.1.1

  • 7. Finally, run Caddy with the Caddyfile you just generated :)
    sudo ./run.sh

  • 8. Optional: build the custom Caddy with the required modules
    git clone https://github.com/XiaoliChan/RedCaddy-core.git
    cd cmd/caddy
    go get github.com/aksdb/caddy-cgi/v2
    go get github.com/porech/caddy-maxmind-geolocation
    CGO_ENABLED=0 go build
    upx --best --lzma caddy

  • Q: Why not use the JSON or YAML format?
    A: Sorry, I don't know how to write a Caddyfile in JSON/YAML format.

  • Q: Can it respond 404 to unmatched routes?
    A: Well, Caddy can't do this ¯\_(ツ)_/¯.
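Two of the steps above are easy to get wrong silently: a malformed line in the rules file (step 5) and a Host header whose fake sub-domain is not covered by the certificate's SAN entries (step 3). The following offline pre-flight check is an added example, not part of RedCaddy or generator.py. It assumes the four-field form listen-port:scheme:backend-host:backend-port shown in step 5, treats "#" as starting a comment (an assumption; the README does not say so), does not model "warden" entries, and matches hostnames against SAN names with the usual RFC 6125 wildcard rules. All sample rules, Host values and SAN names are constructed for the demonstration.

```python
"""Offline pre-flight checks for a RedCaddy-style rules file and certificate SANs.

Added example, not project code. Checks:
  * each chains.list line has the form <listen-port>:<scheme>:<host>:<backend-port>
    (assumption: '#' starts a comment; 'warden' entries are not handled here);
  * each Host header value matches a SAN entry of the self-signed certificate
    (exact match, or one '*.' label matching exactly one hostname label).
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    listen_port: int
    scheme: str
    backend_host: str
    backend_port: int


# One DNS label: letters, digits, hyphens, no leading/trailing hyphen, max 63 chars.
_HOST_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def parse_rule(line: str) -> Rule:
    """Parse one rules line; raise ValueError on anything malformed."""
    parts = line.strip().split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields: {line!r}")
    listen, scheme, host, backend = parts
    if scheme not in ("http", "https"):
        raise ValueError(f"scheme must be http or https: {scheme!r}")
    listen_port, backend_port = int(listen), int(backend)
    for port in (listen_port, backend_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    try:
        ipaddress.ip_address(host)  # literal IPv4/IPv6 backend is fine
    except ValueError:
        # Otherwise it must be a syntactically valid hostname.
        if not all(_HOST_LABEL.match(label) for label in host.lower().split(".")):
            raise ValueError(f"bad backend host: {host!r}")
    return Rule(listen_port, scheme, host, backend_port)


def parse_rules(text: str) -> list[Rule]:
    """Parse a whole rules file, skipping blank lines and '#' comments (assumption)."""
    rules: list[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            rules.append(parse_rule(line))
    return rules


def hostname_matches_san(hostname: str, san_names: list[str]) -> bool:
    """RFC 6125 style check: exact match, or '*.' covering exactly one leading label.

    '*.example.test' matches 'cdn.example.test' but neither 'example.test'
    nor 'a.cdn.example.test'.
    """
    host = hostname.lower().rstrip(".")
    for name in san_names:
        san = name.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "*" not in san[2:]:
            suffix = san[1:]  # ".example.test"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                if prefix and "." not in prefix:
                    return True
    return False


def preflight(rules_text: str, host_headers: list[str], san_names: list[str]) -> dict:
    """Return the parsed rules and every Host value the certificate would not cover."""
    rules = parse_rules(rules_text)
    missing = [h for h in host_headers if not hostname_matches_san(h, san_names)]
    return {"rules": rules, "hosts_not_in_san": missing}


# Constructed sample inputs for the demonstration.
SAMPLE_RULES = """\
443:https:192.168.128.64:10001   # the README's example rule
80:http:192.168.128.64:10002
"""
SAMPLE_SANS = ["localhost", "*.localhost"]
SAMPLE_HOSTS = ["cdn.localhost", "deep.cdn.localhost"]

if __name__ == "__main__":
    result = preflight(SAMPLE_RULES, SAMPLE_HOSTS, SAMPLE_SANS)
    for rule in result["rules"]:
        print(f"*:{rule.listen_port} -> {rule.scheme}://{rule.backend_host}:{rule.backend_port}")
    for host in result["hosts_not_in_san"]:
        print(f"WARNING: Host {host!r} is not covered by any SAN entry")
```

Run it before generating the Caddyfile: a rule that does not parse, or a Host value that the certificate cannot vouch for, is reported up front instead of surfacing as a TLS error on the client side.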
