CS http Dynamic Encrypt Bridge.

Doge-CSBridge

  • 🐸 Frog For Automatic Scan

  • 🐶 Doge For Defense Evasion&Offensive Security

  • Security work goes against the grain by nature and sudden death is normal; do not use this for any illegal purpose beyond what you are authorized to do

0x00 Introduction

Confrontation at the traffic layer has its place: although Cobalt Strike's profile configuration gives the user a great deal of flexibility to obfuscate traffic, characteristic features still remain.

A while ago I was chatting with a friend about traffic encryption:

Is there a relatively simple way to have the client and server generate a dynamic key in sync without transmitting the key, with packet loss not affecting key synchronization?

0x01 Design

Putting the above together, I recalled integrating golang with Google Authenticator a while back; using the OTP verification code as the symmetric encryption key is a feasible approach. The overall plan is as follows:

  • The Cobalt Strike Beacon connects outbound through a local proxy that encrypts its traffic
  • The server decrypts the Beacon's encrypted data on receipt and forwards it to the teamserver
  • The teamserver processes it and produces a response for the server
  • The server encrypts the response and sends it to the beacon
  • The beacon's proxy decrypts the response
  • Both the proxy and the server have the initial OTP secret built in
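The key-synchronization idea behind the plan above, as an added example that is not part of the project's code: both ends hold the same OTP secret, each derives an RFC 6238 TOTP code for the current 30-second step, stretches that code into an AES-256-GCM key, and the receiver tries the neighbouring steps so clock skew or a delayed packet does not break decryption. The mapping from code to key (SHA-256 of the code string), the demo secret and the window size are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"time"
)

// Step is the TOTP time step in seconds; 30 s matches Google Authenticator.
const Step int64 = 30

// TOTP computes an RFC 6238 code (HMAC-SHA1) for Unix time t. Both ends hold
// the same secret, so they derive the same code for the same time step
// without exchanging anything over the wire.
func TOTP(secret []byte, t int64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t/Step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation offset
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// DeriveKey stretches the short code into a 32-byte AES-256 key.
// Assumption for this example; the project may map code to key differently.
func DeriveKey(code string) []byte {
	k := sha256.Sum256([]byte(code))
	return k[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates with AES-256-GCM. The random nonce is
// prepended so the receiver needs only the key.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a message produced by Seal; a wrong key fails the GCM tag.
func Open(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}

// OpenWithSkew tries the current step and `window` steps on either side, so
// a message sealed just before a step boundary, or delayed in transit, still
// decrypts. No step identifier travels with the message: the GCM tag simply
// rejects keys from the wrong step.
func OpenWithSkew(secret []byte, now int64, digits int, msg []byte, window int) ([]byte, error) {
	for d := -window; d <= window; d++ {
		key := DeriveKey(TOTP(secret, now+int64(d)*Step, digits))
		if pt, err := Open(key, msg); err == nil {
			return pt, nil
		}
	}
	return nil, errors.New("no key in the window decrypts the message")
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed; the design bakes this into proxy and server
	now := time.Now().Unix()
	ct, err := Seal(DeriveKey(TOTP(secret, now, 6)), []byte("constructed request body"))
	if err != nil {
		panic(err)
	}
	pt, err := OpenWithSkew(secret, now+Step, 6, ct, 1) // receiver is one step later
	fmt.Printf("%q %v\n", pt, err)
}
```

Two properties of this construction matter for anyone analysing it. First, the code that becomes the key has only 10^digits possible values per time step, so the confidentiality of the channel rests entirely on the embedded OTP secret, not on the code; whoever recovers the secret from either binary (for example an incident responder who obtains the implant) can regenerate every key and decrypt captured traffic offline. Second, many messages share one key within a 30-second step, so the random per-message GCM nonce is what prevents key/nonce reuse; a fixed or counter nonce reset at each step would break GCM's security.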

The overall architecture is shown below:

[image: overall architecture diagram]

The code is incomplete: by default the traffic contains characters that cannot be encrypted, so the traffic must be pre-processed with a profile.

0x02

A screenshot of the final implementation is below.

[image: screenshot of the implementation]

See the code for the implementation details; they are not repeated here.

This is a proof-of-concept project only.

Owner: TimWhite, Offensive Security Researcher / Bug Hunter.