
malleable-c2's Introduction

Cobalt Strike Malleable C2 Design and Reference Guide

This project is intended to serve as reference when designing Cobalt Strike Malleable C2 profiles.

Always verify your profile with ./c2lint [/path/to/my.profile] prior to use!

Malleable C2 Profile Guidance

The following resources dive deeper into Malleable C2.

Changelog

20231017 - Updated for CS 4.9

  • Added 4.9 reference profile
  • Updated MalleableExplained.md with new 4.9 options
    • post-ex.cleanup
    • .http-beacon.library

20230801 - Updated for CS 4.8

  • Added 4.8 reference profile
  • Updated MalleableExplained.md with new 4.8 options
    • stage.syscall_method

20221022 - Updated for CS 4.7

  • Added 4.7 reference profile
  • Updated MalleableExplained.md with 4.7 considerations

20220421 - Updated for CS 4.6

  • Added 4.6 reference profile
  • No more '1MB' limit
  • Updated MalleableExplained.md with 4.6 considerations

202112 - Updated for CS 4.5

  • Added 4.5 reference profile
  • Updated MalleableExplained.md with 4.5 considerations

202108 - Added MalleableExplained.md

202103 - Add CS 4.3 Reference Profile

  • Add latest Malleable C2 profile options for Cobalt Strike 4.3
  • Moved dns settings to new dns-beacon section
  • 4.3 Additions
    • dns-beacon
      • beacon
      • get_A
      • get_AAAA
      • get_TXT
      • put_metadata
      • put_output
      • ns_response
    • http-config
      • block_useragents

202011 - Add CS 4.2 Reference Profile

  • Add latest MalleablePE and MalleableC2 options for Cobalt Strike 4.1 and 4.2
  • 4.1 Additions: tcp_frame_header, smb_frame_header, ssh_banner
  • 4.2 Additions:
    • global
      • data_jitter
      • headers_remove
      • ssh_pipename
    • postex
      • pipename
      • thread_hint
      • keylogger
    • stage
      • allocator
      • magic_mz_86|magic_mz_64
      • magic_pe

202003 - CS 4.0 Reference Profile

  • Add CS4.0 reference profile of available malleable C2 options
  • Remove deprecated features (amsi_disable, disable for process injection techniques, etc.)

Authors

  • @joevest
  • @001SPARTaN
  • @andrewchiles
  • @Charles-Foster-Kane

License

This project and all individual scripts are under the GNU GPL v3.0 license.

malleable-c2's People

Contributors

  • andrewchiles
  • charles-foster-kane
  • ifoundthetao
  • vestjoe
  • zephrfish


malleable-c2's Issues

Possible Issue Host Header Breaks TLS Intercepting Proxies

I was using this beacon payload recently and ran into a small potential bug.

When you set the Host: code.jquery.com
https://github.com/threatexpress/malleable-c2/blob/master/jquery-c2.4.0.profile#L250

When the SSL/TLS Proxy intercepts the requests, you may lose connections, since the Proxy sends traffic to the actual forged site.


I am not sure of the best way to overcome this with Malleable C2.

Have you encountered this before?

It seems that removing the host in the request fixes this.

Steps to Reproduce:
1. Connect normally over the HTTPS beacon. It should work fine.
2. On the host that is running the Beacon, start a proxy like Fiddler or Burp.
3. The beacon is no longer responsive.

Feedback welcome, I may be missing something.
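The failure described in this issue has a defender-side mirror: the client connects to one address (the team server) while its Host header names another site (code.jquery.com), and an intercepting proxy honours the Host header instead. The same mismatch is visible in proxy logs. The script below is an added example, not code from the malleable-c2 project or from the issue author; it parses constructed proxy log lines and flags requests whose Host header does not correspond to the destination IP, using a constructed DNS answer table (documentation ranges only) in place of real passive-DNS or resolver data.

```python
"""Flag HTTP requests whose Host header names a site that does not resolve
to the destination IP the client actually connected to.

Added example for the Host-header mismatch pattern discussed in the issue.
The log lines, the DNS answer table and the addresses are all constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Set

# Constructed DNS answer table standing in for passive-DNS or resolver data.
# Addresses are RFC 5737 documentation ranges, not real CDN addresses.
KNOWN_RESOLUTIONS: Dict[str, Set[str]] = {
    "code.jquery.com": {"203.0.113.10", "203.0.113.11"},
    "www.example.org": {"198.51.100.5"},
}

# Constructed proxy log lines:
# "<src_ip> <dst_ip>:<dst_port> <Host header> <method> <path>"
SAMPLE_LOG = """\
10.0.0.7 203.0.113.10:443 code.jquery.com GET /jquery-3.3.1.min.js
10.0.0.7 192.0.2.44:443 code.jquery.com GET /jquery-3.3.1.min.js
10.0.0.9 198.51.100.5:443 www.example.org GET /index.html
10.0.0.9 192.0.2.44:443 192.0.2.44 POST /jquery-3.3.2.min.js
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    src, dst, host, method, path = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "src": src,
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
        "host": host,
        "method": method,
        "path": path,
    }


def host_mismatch(record: dict,
                  resolutions: Dict[str, Set[str]] = KNOWN_RESOLUTIONS) -> Optional[bool]:
    """True if the Host header does not belong to the destination IP.

    Returns None when the host is not in the answer table, so that an
    unknown site is left for enrichment rather than treated as benign.
    """
    host = record["host"].lower()
    # A bare IP literal in the Host header matches only itself.
    try:
        ipaddress.ip_address(host)
        return host != record["dst_ip"]
    except ValueError:
        pass
    expected = resolutions.get(host)
    if expected is None:
        return None
    return record["dst_ip"] not in expected


def find_mismatches(log_text: str,
                    resolutions: Dict[str, Set[str]] = KNOWN_RESOLUTIONS) -> List[dict]:
    """Return every parsed record whose Host header is inconsistent with dst_ip."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if host_mismatch(rec, resolutions):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst_ip']}:{hit['dst_port']} "
              f"Host={hit['host']} {hit['method']} {hit['path']}")
```

Only the second sample line is reported: the connection goes to 192.0.2.44 while the Host header claims code.jquery.com. The fourth line uses the IP literal as its Host header and so is consistent with itself; in production the answer table would be fed from resolver or passive-DNS data rather than a constant.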

something wrong bro

[-] .spawnto_x86 is deprecated and has no effect. Set .post-ex.spawnto_x86 instead.
[-] .spawnto_x64 is deprecated and has no effect. Set .post-ex.spawnto_x64 instead.
[-] .process-inject disable "SetTreadContext" is deprecated and has no effect. Use process-inject -> execute instead.

Help

Hello, could you tell me why this happens when I add a certain number of IPs?

[*] dropping 192.168.1.22/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.21/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.20/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.19/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.18/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.17/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.22/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.21/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.20/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.19/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.18/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.17/jquery-3.3.1.min.js from Beacon profile for size
[+] Listener: test started!

No command output

I am running the jquery-2.4.0.profile on my test lab. The stageless beacon reaches back to the team server. Unfortunately there is no command output at all even with a sleep time set to 0.
Profiles from Raphael Mudge's repo work fine.
Any idea what is wrong here?

Sample:
beacon> getuid
[*] Tasked beacon to get userid
[+] host called home, sent: 8 bytes
beacon> ps
[*] Tasked beacon to list processes
[+] host called home, sent: 12 bytes

Valid error

./c2lint jquery-c2.4.3.profile
[-] Your authorization file is not valid: Decryption error

I can't validate it, what should I do?

Error

[-] Error(s) while compiling jquery-c2.4.3.profile
Error: option <.stage.compile_time> requires a 'dd MMM YYYY hh:mm:ss' date at line 377

jquery-c2.4.3.profile not working

Trying to load the profile with ./teamserver ip password jquery-c2.4.3.profile and I keep getting this error! All other profiles work fine.

[*] Will use existing X509 certificate and keystore (for SSL)
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
[-] Error(s) while compiling jquery-c2.4.3.profile
Error: invalid option for <Global> at line 71
data_jitter
Error: Block is not valid for <Global> at line 190
dns-beacon
Error: invalid option for <Global> at line 222
ssh_pipename
Error: invalid option for <.post-ex> at line 322
pipename
Error: invalid option for <.post-ex> at line 323
keylogger
Error: invalid option for <.stage> at line 361
allocator
Error: invalid option for <.stage> at line 364
magic_pe
Error: invalid option for <.http-config> at line 512
block_useragents
[-] exiting because of errors in jquery-c2.4.3.profile. Use ./c2lint to check the file

4.8 profile

First, thank you for your work and YouTube videos, which are still helpful today.
I am new to C2, and after uncommenting a Beacon GET section I got this error in c2lint. What did I do wrong?

./TeamServerImage c2lint /root/Desktop/Server/jquery-c2.4.8.profile
[-] Error(s) while compiling /root/Desktop/Server/jquery-c2.4.8.profile
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 696
mask
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 697
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 698
parameter
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 702
mask
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 703
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 704
parameter
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 717
mask
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 718
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 721
prepend
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 723
prepend
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 724
append
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 725
print
[-] Unable to load the Beacon profile

Update: commented out the HTTP-POST block for the POST method, and now everything works fine with a GET-only beacon. Hope I understood it right. Thanks!

set compile_time BUG

[-] Error(s) while compiling ./malleable-c2/jquery-c2.4.2.profile
Error: option <.stage.compile_time> requires a 'dd MMM YYYY hh:mm:ss' date at line 352
"11 Nov 2016 04:08:32"

...

Just FYI

Just wanted to let you know the link in the README.md is dead.

~reno
