
Cannot parse C2concealer

Open S3cur3Th1sSh1t opened this issue 2 years ago • 5 comments

Hey,

I tried using RedGuard on a redirector Server today. Unfortunately it was not able to parse my MalleableC2 profile correctly.

For example the following was not parsed correctly:

http-get "variant_1" {

        set uri "/test.css /testz.css";
}

As requests to the URL /test.css were not redirected but blocked.

Is that a bug?

Greetings

S3cur3Th1sSh1t avatar Aug 15 '22 15:08 S3cur3Th1sSh1t

Look at your profile and the info RedGuard prints.

wikiZ avatar Aug 16 '22 00:08 wikiZ

Here you go. One full profile variant:

http-get "variant_5" {

        set uri "/lv.js";

        client {

                header "Host" "hostname.example.com";
                header "Connection" "close";
                header "Accept-Language" "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5";

                metadata {
                        base64url;
                        base64;
                        prepend "woocommerce_cart_hash=";
                        header "Cookie";
                }


        }
        server {

                header "Connection" "close";
                header "Content-Type" "text/html";
                header "Server" "apache";

                output {
                        base64url;
                        base64;
                        prepend "<!DOCTYPE html><html class='no-js' lang='en-US'>  <head>    <meta http-equiv='X-UA-Compatible' content='IE=EDGE' />    <meta charset='utf-8'>    <meta name='viewport' content='width=device-width, initial-scale=1' />    <meta name='apple-itunes-app' conten$
                        print;
                }

        }

}

And the result from RedGuard:

[screenshot of RedGuard output]

S3cur3Th1sSh1t avatar Aug 17 '22 06:08 S3cur3Th1sSh1t

Try this: https://github.com/wikiZ/CobaltStrike-Malleable-Profile

wikiZ avatar Aug 17 '22 06:08 wikiZ

Ok. When changing http-get "variant_5" { to http-get { it works for the initial GET request. Seems like your parser for the profile fails when different http-get profile names are declared.

Also found another thing: for http-post it does not parse the following correctly.

Non-working example:

http-post {

        set uri "/af, /media, /da";

[screenshot of RedGuard output]

Any idea why the parsing fails here?

S3cur3Th1sSh1t avatar Aug 17 '22 08:08 S3cur3Th1sSh1t
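The two parsing edge cases reported in this thread, a named block such as http-get "variant_1" { and a set uri value that declares several URIs at once, are shown handled in the small Go parser below. This is an added example written for this page, not RedGuard's own code: the sample profile is constructed from the fragments posted above, the block and function names are hypothetical, and treating commas as separators in addition to spaces is an assumption made here (Cobalt Strike separates multiple URIs with spaces). Anyone operating a redirector, or writing detection content, who needs the complete set of URIs a profile declares can use it to check whether a request path is covered by the profile before deciding to forward or block it.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// UriBlock is one http-get / http-post block from a Malleable C2 profile:
// its kind, its optional variant name and the URIs declared with `set uri`.
type UriBlock struct {
	Kind    string   // "http-get" or "http-post"
	Variant string   // "" for the default block, e.g. "variant_5" for a named one
	URIs    []string // every URI listed in the block's `set uri` statement
}

// headerRe matches the opening line of a block, with or without a variant name:
//   http-get {               -> kind "http-get", variant ""
//   http-get "variant_5" {   -> kind "http-get", variant "variant_5"
var headerRe = regexp.MustCompile(`^\s*(http-get|http-post)(?:\s+"([^"]*)")?\s*\{`)

// uriRe matches `set uri "...";` and captures the quoted value.
var uriRe = regexp.MustCompile(`^\s*set\s+uri\s+"([^"]*)"\s*;`)

// splitURIs turns the quoted `set uri` value into individual URIs.
// Cobalt Strike separates multiple URIs with spaces; as an assumption for this
// example, commas are tolerated as well, so "/af, /media, /da" yields three entries.
func splitURIs(v string) []string {
	return strings.FieldsFunc(v, func(r rune) bool {
		return r == ' ' || r == '\t' || r == ','
	})
}

// ParseProfile walks the profile line by line and tracks brace depth so that
// `set uri` is only read at the top level of an http-get/http-post block, not
// from nested client/server/metadata sections. Braces inside quoted strings
// are not special-cased, which is enough for the profile shapes in this thread.
func ParseProfile(profile string) []UriBlock {
	var blocks []UriBlock
	cur := -1  // index of the block being parsed, -1 when outside any block
	depth := 0 // brace depth relative to the current block's opening brace
	sc := bufio.NewScanner(strings.NewReader(profile))
	for sc.Scan() {
		line := sc.Text()
		if cur < 0 {
			if m := headerRe.FindStringSubmatch(line); m != nil {
				blocks = append(blocks, UriBlock{Kind: m[1], Variant: m[2]})
				cur = len(blocks) - 1
				depth = 1
			}
			continue
		}
		if depth == 1 {
			if m := uriRe.FindStringSubmatch(line); m != nil {
				blocks[cur].URIs = append(blocks[cur].URIs, splitURIs(m[1])...)
			}
		}
		depth += strings.Count(line, "{") - strings.Count(line, "}")
		if depth <= 0 {
			cur = -1
		}
	}
	return blocks
}

// AllowedURIs collects every declared URI across all blocks into a set.
func AllowedURIs(blocks []UriBlock) map[string]bool {
	allowed := make(map[string]bool)
	for _, b := range blocks {
		for _, u := range b.URIs {
			allowed[u] = true
		}
	}
	return allowed
}

// IsAllowed reports whether a request path (query string ignored) is one the
// profile declares; a redirector would forward such requests and block the rest.
func IsAllowed(allowed map[string]bool, path string) bool {
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i]
	}
	return allowed[path]
}

// SampleProfile is a constructed profile built from the fragments in this
// thread: a named http-get block with two URIs, a second named block, and an
// http-post block whose URIs are comma separated.
const SampleProfile = `
http-get "variant_1" {
        set uri "/test.css /testz.css";
        client {
                header "Host" "hostname.example.com";
                metadata {
                        base64url;
                        header "Cookie";
                }
        }
}

http-get "variant_5" {
        set uri "/lv.js";
}

http-post {
        set uri "/af, /media, /da";
        client {
                id {
                        parameter "id";
                }
        }
}
`

func main() {
	blocks := ParseProfile(SampleProfile)
	for _, b := range blocks {
		fmt.Printf("%-9s variant=%q uris=%v\n", b.Kind, b.Variant, b.URIs)
	}
	allowed := AllowedURIs(blocks)
	for _, p := range []string{"/test.css", "/testz.css?x=1", "/media", "/not-in-profile"} {
		fmt.Printf("%-20s allowed=%v\n", p, IsAllowed(allowed, p))
	}
}
```

The parser only reads set uri at depth one of a block, so a header "Cookie" line inside a metadata section never gets mistaken for a URI declaration, and a profile with several named variants produces one entry per block rather than stopping at the first. A parser that matches only the literal text http-get { would skip every named variant, which is consistent with the behaviour reported above.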

Have a look at your Wireshark HTTP request data, sir.

wikiZ avatar Aug 22 '22 08:08 wikiZ