updating for httpx's updates

Author: its-a-feature

Payload_Type/poseidon/go.mod

@@ -1,21 +1,21 @@
 module MyContainer
 
-go 1.22.0
+go 1.22.7
 
-toolchain go1.22.2
+toolchain go1.23.3
 
 //replace github.com/MythicMeta/MythicContainer => ../../../../MythicMeta/MythicContainer
 
 require (
-	github.com/MythicMeta/MythicContainer v1.4.7
+	github.com/MythicMeta/MythicContainer v1.4.9
 	github.com/google/uuid v1.6.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/pelletier/go-toml v1.9.5
-	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 )
 
 require (
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -32,12 +32,12 @@ require (
 	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/grpc v1.68.0 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

Payload_Type/poseidon/go.sum

@@ -1,14 +1,15 @@
-github.com/MythicMeta/MythicContainer v1.4.7 h1:Aelo4g18UPr6Po0CnGF3wujyoCUpoqkiVllrCPWUAb0=
-github.com/MythicMeta/MythicContainer v1.4.7/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
+github.com/MythicMeta/MythicContainer v1.4.9/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -65,23 +66,23 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.1.12 - 2024-11-26 
+
+### Changed
+
+- Updated httpx implementation to match latest v0.0.0.15 release of httpx
+
 ## 2.1.11 - 2024-11-15
 
 ### Changed

Payload_Type/poseidon/poseidon/agent_code/pkg/profiles/httpx.go

@@ -48,18 +48,19 @@ type AgentVariationConfigMessage struct {
 	Name     string `json:"name" toml:"name"`
 }
 type AgentVariationConfigClient struct {
-	Headers    map[string]string                      `json:"headers" toml:"headers"`
-	Parameters map[string]string                      `json:"parameters" toml:"parameters"`
-	Message    AgentVariationConfigMessage            `json:"message" toml:"message"`
-	Transforms []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
+	Headers               map[string]string                      `json:"headers" toml:"headers"`
+	Parameters            map[string]string                      `json:"parameters" toml:"parameters"`
+	DomainSpecificHeaders map[string]map[string]string           `json:"domain_specific_headers" toml:"domain_specific_headers"`
+	Message               AgentVariationConfigMessage            `json:"message" toml:"message"`
+	Transforms            []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
 }
 type AgentVariationConfigServer struct {
 	Headers    map[string]string                      `json:"headers" toml:"headers"`
 	Transforms []AgentVariationConfigMessageTransform `json:"transforms" toml:"transforms"`
 }
 type AgentVariationConfig struct {
 	Verb   string                     `json:"verb" toml:"verb"`
-	URI    string                     `json:"uri" toml:"uri"`
+	URIs   []string                   `json:"uris" toml:"uris"`
 	Client AgentVariationConfigClient `json:"client" toml:"client"`
 	Server AgentVariationConfigServer `json:"server" toml:"server"`
 }
@@ -434,6 +435,8 @@ func (c *C2HTTPx) increaseErrorCount() {
 		}
 	} else if c.DomainRotationMethod == "round-robin" {
 		c.CurrentDomain = (c.CurrentDomain + 1) % len(c.CallbackDomains)
+	} else if c.DomainRotationMethod == "random" {
+		c.CurrentDomain = rand.Intn(len(c.CallbackDomains))
 	} else {
 		utils.PrintDebug(fmt.Sprintf("unknown domain rotation method: %s\n", c.DomainRotationMethod))
 	}
@@ -782,7 +785,9 @@ func (c *C2HTTPx) CreateDynamicMessage(content []byte, isGetTaskingRequest bool)
 		}
 	}
 	bodyBuffer = bytes.NewBuffer(bodyBytes)
-	url := c.CallbackDomains[c.CurrentDomain] + variation.URI
+	// select a URI from this variation at random
+	uriIndex := rand.Intn(len(variation.URIs))
+	url := c.CallbackDomains[c.CurrentDomain] + variation.URIs[uriIndex]
 	utils.PrintDebug(fmt.Sprintf("method: %s\nURL: %s\n", variation.Verb, url))
 	req, err := http.NewRequest(variation.Verb, url, bodyBuffer)
 	if err != nil {
@@ -816,6 +821,24 @@ func (c *C2HTTPx) CreateDynamicMessage(content []byte, isGetTaskingRequest bool)
 			req.Header.Set(key, variation.Client.Headers[key])
 		}
 	}
+	for domain, _ := range variation.Client.DomainSpecificHeaders {
+		if domain == c.CallbackDomains[c.CurrentDomain] {
+			for key, _ := range variation.Client.DomainSpecificHeaders[domain] {
+				if key == "Host" {
+					req.Host = variation.Client.DomainSpecificHeaders[domain][key]
+				} else if key == "User-Agent" {
+					req.Header.Set(key, variation.Client.DomainSpecificHeaders[domain][key])
+					tr.ProxyConnectHeader = http.Header{}
+					tr.ProxyConnectHeader.Add("User-Agent", variation.Client.DomainSpecificHeaders[domain][key])
+				} else if key == "Content-Length" {
+					continue
+				} else {
+					req.Header.Set(key, variation.Client.DomainSpecificHeaders[domain][key])
+				}
+			}
+		}
+
+	}
 	// adding query parameters is a little weird in go
 
 	for key, _ := range variation.Client.Parameters {

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_httpx.json

@@ -3,7 +3,7 @@
   "callback_interval": 2,
   "killdate": "2024-12-31",
   "encrypted_exchange_check": true,
-  "AESPSK": "1EhTUM7jVrdKBOhTLMx+fXT8a77Ge2XOUVNuMuhLSe4=",
+  "AESPSK": "ye6wt4oUi50HDnoNskj1e5HxIpWQWyJ1BeaSohZtbrk=",
   "failover_threshold": 2,
   "callback_domains": [
     "http://127.0.0.1:82"
@@ -13,58 +13,92 @@
     "name": "TEST",
     "get": {
       "verb": "GET",
-      "uri": "/my/uri/path",
+      "uris": [
+        "/my/uri/path"
+      ],
       "client": {
         "headers": {
           "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
         },
         "parameters": {
           "MyKey": "value"
         },
+        "domain_specific_headers": {
+          "https://example.com:443": {
+            "User-Agent": "Test"
+          }
+        },
         "message": {
           "location": "cookie",
           "name": "sessionID"
         },
         "transforms": [
           {
-            "action": "base64url"
+            "action": "base64url",
+            "value": ""
           }
         ]
       },
       "server": {
         "headers": {
-          "Server": "Server",
-          "Cache-Control": "max-age=0, no-cache"
+          "Cache-Control": "max-age=0, no-cache",
+          "Server": "Server"
         },
         "transforms": [
-          {"action":  "xor", "value":  "keyHere"},
-          {"action":  "base64url", "value":  ""},
-          {"action":  "prepend", "value":  "{\"response\":\""},
-          {"action":  "append", "value":  "\"}"}
+          {
+            "action": "xor",
+            "value": "keyHere"
+          },
+          {
+            "action": "base64url",
+            "value": ""
+          },
+          {
+            "action": "prepend",
+            "value": "{\"response\":\""
+          },
+          {
+            "action": "append",
+            "value": "\"}"
+          },
+          {
+            "action": "netbios",
+            "value": ""
+          }
         ]
       }
     },
     "post": {
       "verb": "POST",
-      "uri": "/my/other/path",
+      "uris": [
+        "/my/other/path"
+      ],
       "client": {
         "headers": {
           "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
         },
+        "parameters": null,
+        "domain_specific_headers": null,
         "message": {
-
+          "location": "",
+          "name": ""
         },
         "transforms": [
-          {"action": "xor", "value": "keyHere"},
-          {"action": "netbios", "value": ""}
+          {
+            "action": "xor",
+            "value": "keyHere"
+          },
+          {
+            "action": "base64url",
+            "value": ""
+          }
         ]
       },
       "server": {
         "headers": {
           "Keep-Alive": "true"
         },
-        "transforms": [
-        ]
+        "transforms": null
       }
     }
   }

Payload_Type/poseidon/poseidon/agentfunctions/head.go

@@ -2,7 +2,6 @@ package agentfunctions
 
 import (
 	"fmt"
-
 	agentstructs "github.com/MythicMeta/MythicContainer/agent_structs"
 )