'https' and 'reverseProxy' parameters do not found

[GN_82]

Hi guys :-)

When I try to run C2 behind an Nginx the 'reverseProxy' parameter causes the C2 server do not response.

c2 -debug -hostname myc2.domain.local -https -certFile /app/certs/cert.crt -keyFile /app/certs/cert.key -reverseProxy -reverseProxyPort 8443 -sshport 3020

 

curl -kv https://myc2.domain.local:8443
Server error 502 <--

If I remove the 'https' parameter the C2 server works, but the pineapple mk7 devices do not use HTTPS to communicate with the server.

[dark_pyrro]

Is the certificate self signed? Is it provisioned to the Hak5 device?

[GN_82]

Hi,

i have a custom CA with self signed certicate. In the proxy I use the same certificate.

[dark_pyrro]

Ok, but the question remains, is the certificate provisioned to the Hak5 device?

Also remember that a new device.config file needs to be created for each connecting device if the settings on the server side have changed.

Edited November 30, 2021 by dark_pyrro

[GN_82]

I have identified the problem.

If parameters 'reverseProxy' and 'reverseProxyPort' are used, the server does not initialize in https mode.

c2 -debug -hostname x.x.x.x -https -certFile /app/cert.crt -keyFile /app/cert.key -sshport 23644 -reverseProxy -reverseProxyPort 23644 -listenip 127.0.0.1

 

root@d244bb0d9c1b:/app# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
...

It is necessary that the https and reverseProxy mode are compatible, so that when downloading the 'device.config' file the proxy port is configured correctly.

Edited December 1, 2021 by GN_82

[GN_82]

I think it is not possible to modify the 'device.config' file manually because there is some kind of integrity check. For this reason it is necessary to use the 'reverseProxyPort' parameter, so that the port is defined at the C2 server level.