Jump to content
All Your Base

What does the "-reverseProxy" switch actually do?

Recommended Posts

The only documentation whatsoever that I can find regarding the "-reverseProxy" switch of the C2 binary is the description listed for it by the binary itself, that is:

"If set, Cloud C2 will work behind a reverse proxy" 

But, what does this "-reverseProxy" switch actually do more exactly? Which kind of "proxy" does it expect to be be placed behind? SOCKS? Pure TCP proxying à la nginx? Something else? And why does this require a switch like this to begin with?

I can understand the obvious need for the "-reverseProxyPort" switch, since this would make sure that the client devices are informed to connect to the proxy port, while the C2 server itself will still listen in the "real" port, but again, what on earth does the "-reverseProxy" switch really do then?

And also, which ports will be assumed to be "proxied" like this when this switch is provided? The HTTP and HTTPS port? The 2022 terminal port? Any other ports?

Will I only be able to connect to these "proxy enabled" ports (whichever they are, and whatever proxy type that is expected) through a proxy when this "-reverseProxy" switch is provided (contrary to for example managing my C2 server through its HTTP admin GUI directly on the HTTP port from my local network)? If not, why isn't this "proxy support" always enabled otherwise?

For a final more practical and specific question:

If I have my C2 server behind a NAT firewall facing the internet, and I'm forwarding port 5678/tcp from the internet in this firewall, to port 443/tcp on the C2 server (that is, using NAT port forwarding with "port translation"), does this count as a "proxy" that would require this "-reverseProxy" switch, and more specifically which exact command line would be required for my C2 server to accommodate this specific situation?

Share this post


Link to post
Share on other sites

So a good example of a reverse proxy is this...

"Void-Byte and All Your Base are best friends. All Your Base has a crush on Hak5, and wants to ask Hak5 on a date. However, All Your Base does not want anyone to know they asked Hak5 on a date. So instead All Your Base asks Void-Byte to ask Hak5 on his behalf. Now people think Hak5 asked All Your Base on a date when it was in reality All Your Base."

Edited by Void-Byte

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...