GN_82 Posted November 29, 2021 Share Posted November 29, 2021 Hi guys :-) When I try to run C2 behind an Nginx the 'reverseProxy' parameter causes the C2 server do not response. c2 -debug -hostname myc2.domain.local -https -certFile /app/certs/cert.crt -keyFile /app/certs/cert.key -reverseProxy -reverseProxyPort 8443 -sshport 3020 curl -kv https://myc2.domain.local:8443 Server error 502 <-- If I remove the 'https' parameter the C2 server works, but the pineapple mk7 devices do not use HTTPS to communicate with the server. Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 30, 2021 Share Posted November 30, 2021 Is the certificate self signed? Is it provisioned to the Hak5 device? Link to comment Share on other sites More sharing options...
GN_82 Posted November 30, 2021 Author Share Posted November 30, 2021 Hi, i have a custom CA with self signed certicate. In the proxy I use the same certificate. Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 30, 2021 Share Posted November 30, 2021 Ok, but the question remains, is the certificate provisioned to the Hak5 device? Also remember that a new device.config file needs to be created for each connecting device if the settings on the server side have changed. Link to comment Share on other sites More sharing options...
GN_82 Posted December 1, 2021 Author Share Posted December 1, 2021 I have identified the problem. If parameters 'reverseProxy' and 'reverseProxyPort' are used, the server does not initialize in https mode. c2 -debug -hostname x.x.x.x -https -certFile /app/cert.crt -keyFile /app/cert.key -sshport 23644 -reverseProxy -reverseProxyPort 23644 -listenip 127.0.0.1 root@d244bb0d9c1b:/app# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN ... It is necessary that the https and reverseProxy mode are compatible, so that when downloading the 'device.config' file the proxy port is configured correctly. Link to comment Share on other sites More sharing options...
GN_82 Posted December 1, 2021 Author Share Posted December 1, 2021 I think it is not possible to modify the 'device.config' file manually because there is some kind of integrity check. For this reason it is necessary to use the 'reverseProxyPort' parameter, so that the port is defined at the C2 server level. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.