XiaoliChan/RedCaddy

Latest commit 165098f · May 28, 2024
RedCaddy

C2 redirector based on Caddy

Table of contents

Overview

Generates a Caddyfile from C2 malleable profiles.

Feature

  • Block IPs by GeoIP country
  • Allow requests by header matcher
  • User-agent & IP blacklist
  • Support for multiple redirections
  • TeamServer port warden

Note

Quick start

  • Generate a self-signed certificate
  • Build the custom caddy with specific modules (optional)
  • Make sure set trust_x_forwarded_for "true"; is enabled in the C2 malleable profile
  • Copy your C2 malleable profile into RedCaddy
  • Add your redirect rules to the rules file (e.g. chains.list)
  • Finally, generate the Caddyfile with the (ugly) Python script.

Step by step

  • 1. Generate self-signed certificates with "self-signed-cert.py":
    python3 self-signed-cert.py -t [Https Server]
    As you can see, the localhost.* files are generated in core/cert-out

  • 2. Enable set trust_x_forwarded_for "true"; in the C2 malleable profile

  • 3. Host & Referer headers need to be defined in each client block of the C2 malleable profile
    ⚠️ Note: the fake sub-domain must exist in the self-signed certificate's SAN (subject alternative name) attribute

  • 4. Copy the C2 profile into RedCaddy
    I use threatexpress's jquery-c2.4.3.profile as a demonstration

  • 5. Edit the redirection rules in "chains.list"
    443:https:192.168.128.64:10001 means traffic arriving on port *:443 is redirected to the local backend https://192.168.128.64:10001 (the C2 backend)

    Q: What is "warden"?
    A: Warden is a whitelist feature that protects your teamserver port: it generates a random link made of random secure strings, and a user cannot connect to the teamserver before triggering it ("warden" behind 443 means the link is handled on port 443).

  • 6. Pass the arguments generator.py needs, then hit enter.
    python3 generator.py -f geacon_jd_pro.profile -r forward-chains.list -c CN -vps-ip 1.1.1.1

  • 7. Finally, run caddy with the Caddyfile just generated :)
    sudo ./run.sh

  • 8. Optional: Build the custom caddy with specific modules
    git clone https://github.com/XiaoliChan/RedCaddy-core.git
    cd RedCaddy-core/cmd/caddy
    go get github.com/aksdb/caddy-cgi/v2
    go get github.com/XiaoliChan/caddy-maxmind-geolocation@self
    CGO_ENABLED=0 go build
    upx --best --lzma caddy
  • Q: Why not use JSON or YAML format?
    A: Sorry, I don't know how to write a Caddyfile in JSON/YAML format.

  • Q: Can it respond with 404 on unmatched routes?
    A: Well, caddy can't do this ¯\_(ツ)_/¯.
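A small validator for the chains.list rule format described in step 5, added here as an example and not part of RedCaddy or generator.py. It parses the documented LISTEN_PORT:SCHEME:BACKEND_HOST:BACKEND_PORT form (the warden keyword is not handled, since its exact syntax is not documented above), reports malformed rules with their line number instead of letting them reach the generator, and assumes that blank lines and lines starting with '#' may be ignored; the sample input at the bottom is constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

@dataclass(frozen=True)
class Chain:
    listen_port: int    # port Caddy listens on, e.g. 443
    scheme: str         # http or https towards the backend
    backend_host: str   # backend IP or hostname, brackets kept for IPv6 literals
    backend_port: int   # backend port, e.g. 10001

def _port(text: str, what: str) -> int:
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"{what} {text!r} is not a port in 1-65535")
    return int(text)

def parse_chain(line: str) -> Chain:
    """Parse one LISTEN_PORT:SCHEME:BACKEND_HOST:BACKEND_PORT rule or raise ValueError."""
    fields = line.strip().split(":", 2)    # the host part may itself contain ':' (IPv6)
    if len(fields) != 3 or ":" not in fields[2]:
        raise ValueError("expected LISTEN_PORT:SCHEME:BACKEND_HOST:BACKEND_PORT")
    listen, scheme, rest = fields
    host, backend = rest.rsplit(":", 1)    # take the port off the right-hand end
    if scheme not in ("http", "https"):
        raise ValueError(f"scheme {scheme!r} must be http or https")
    bare = host[1:-1] if host[:1] == "[" and host[-1:] == "]" else host
    try:
        ipaddress.ip_address(bare)
    except ValueError:
        if not HOSTNAME_RE.match(bare):
            raise ValueError(f"backend host {host!r} is neither an IP nor a hostname")
    return Chain(_port(listen, "listen port"), scheme, host, _port(backend, "backend port"))

def parse_chains_list(text: str):
    """Return (chains, errors) for a whole file; each error names its line number."""
    chains, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' comment lines are allowed
            continue
        try:
            chains.append(parse_chain(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return chains, errors

# Constructed sample input, not the project's own chains.list.
SAMPLE = "443:https:192.168.128.64:10001\n80:http:c2-backend.internal:8080\n443:https:192.168.128.64\n"
```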

Reference