Jump to content

What does the "-reverseProxy" switch actually do?

All Your Base

Recommended Posts

The only documentation whatsoever that I can find regarding the "-reverseProxy" switch of the C2 binary is the description listed for it by the binary itself, that is:

"If set, Cloud C2 will work behind a reverse proxy" 

But, what does this "-reverseProxy" switch actually do more exactly? Which kind of "proxy" does it expect to be be placed behind? SOCKS? Pure TCP proxying à la nginx? Something else? And why does this require a switch like this to begin with?

I can understand the obvious need for the "-reverseProxyPort" switch, since this would make sure that the client devices are informed to connect to the proxy port, while the C2 server itself will still listen in the "real" port, but again, what on earth does the "-reverseProxy" switch really do then?

And also, which ports will be assumed to be "proxied" like this when this switch is provided? The HTTP and HTTPS port? The 2022 terminal port? Any other ports?

Will I only be able to connect to these "proxy enabled" ports (whichever they are, and whatever proxy type that is expected) through a proxy when this "-reverseProxy" switch is provided (contrary to for example managing my C2 server through its HTTP admin GUI directly on the HTTP port from my local network)? If not, why isn't this "proxy support" always enabled otherwise?

For a final more practical and specific question:

If I have my C2 server behind a NAT firewall facing the internet, and I'm forwarding port 5678/tcp from the internet in this firewall, to port 443/tcp on the C2 server (that is, using NAT port forwarding with "port translation"), does this count as a "proxy" that would require this "-reverseProxy" switch, and more specifically which exact command line would be required for my C2 server to accommodate this specific situation?

Link to comment
Share on other sites

So a good example of a reverse proxy is this...

"Void-Byte and All Your Base are best friends. All Your Base has a crush on Hak5, and wants to ask Hak5 on a date. However, All Your Base does not want anyone to know they asked Hak5 on a date. So instead All Your Base asks Void-Byte to ask Hak5 on his behalf. Now people think Hak5 asked All Your Base on a date when it was in reality All Your Base."

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...