HTTP Listener

Listener UI

Domain Rotation

The options to strategy domain rotation is:

Random
Failover
Round Robin

Proxy Settings

Set Proxy to http connections:

Proxy URL
Username
Password

Use SSL (HTTPS)

SSL Certificate Path
SSL Key Path

Upload Profile

need be passes the profile json for malleable profile

Malleable Profile Overview

This document provides detailed technical specifications for configuring HTTP listener profiles. The profile defines how client-server communications are handled, including request/response formatting, encryption, encoding, and routing behaviors.

Profile Structure

Root Level

{
  "callback": [
    { /* callback object 1 */ },
    { /* callback object 2 */ }
  ]
}

The profile contains an array of callback objects, allowing multiple configurations for different hosts and communication patterns.

Callback Object

Multiple Hosts

Each callback can handle multiple hosts:

{
  "callback": [
    {
      "host": ["server1.com:443", "server2.com:443", "server3.com:8443"],
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
      "get": { /* GET configuration */ },
      "post": { /* POST configuration */ }
    }
  ]
}

host array: Multiple target servers and ports
Can mix different ports
Single callback can communicate with multiple servers

User Agent

"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

Important: The User-Agent is shared across both GET and POST requests from this callback. It identifies the client application for all HTTP methods.

Example Callback Structure

{
  "callback": [
    {
      "host": ["server2.com:443"],
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
      "get": {
        "server.headers": { /* headers from server */ },
        "client.headers": { /* headers from client */ },
        "empty_response": "",
        "server.error": { /* error configuration */ },
        "uri": { /* route configurations */ }
      },
      "post": {
        "server.headers": { /* headers from server */ },
        "client.headers": { /* headers from client */ },
        "empty_response": "",
        "server.error": { /* error configuration */ },
        "uri": { /* route configurations */ }
      }
    }
  ]
}

Request Methods: GET and POST

Independent Configuration

Each HTTP method (GET/POST) has its own independent configuration:

Separate server.headers
Separate client.headers
Separate empty_response handling
Separate error definitions
Separate route configurations

Empty Response

The empty_response field defines what the server should send when no tasking/data is available:

"empty_response": ""

"" (empty string) - Send nothing
Can contain a custom response string if needed
Used when the server has no command or data to transmit

Server Error Configuration

Control HTTP status codes and error responses:

"server.error": {
  "http_status": 404,
  "response": "<html>404\nPage not found\nBack to home\n</html>"
}

http_status (integer): HTTP status code (404, 403, 500, etc.)
response (string): Response body sent to client
Can be HTML or JSON format
Allows simulating various error conditions

Headers

Client Headers (Sent by Client)

"client.headers": {
  "Content-Type": "application/json",
  "Accept": "application/json",
  "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "Cache-Control": "no-cache"
}

Headers that the client includes in requests to the server.

Server Headers (Received from Server)

"server.headers": {
  "Content-Type": "text/html; charset=utf-8",
  "Server": "Apache/2.4.41",
  "Cache-Control": "no-store, no-cache, must-revalidate",
  "X-Powered-By": "Express",
  "X-RateLimit-Limit": "1000",
  "X-RateLimit-Remaining": "998",
  "X-RateLimit-Reset": "1704110400",
  "X-Request-ID": "req_abc123def456"
}

Headers that the server responds with.

Route Configuration

Route Grouping

Routes with identical behavior can be grouped together:

"uri": {
  "/route1 /route2 /route3": { /* shared configuration */ },
  "/route4": { /* unique configuration */ },
  "/api/endpoint1 /api/endpoint2": { /* grouped configuration */ }
}

Routes are separated by spaces in a single string key. This allows reusing the same configuration for multiple endpoints.

Individual Route Configuration

Server Output

"server.output": {
  "mask": false,
  "format": "base64"
}

Configuration Options:

mask (boolean):
- true - Apply XOR encryption before encoding
- false - No encryption, direct encoding
- Encryption is applied to the data before the format encoding
format (string): Output encoding format, The raw data is traffic encrypted with Loky Encrypt
- base64 - Standard Base64 encoding
- base32 - Base32 encoding
- base64url - Base64URL encoding
- raw - No encoding (only XOR encryption if mask is true and default encryption)

Client Output

"client.output": {
  "mask": true,
  "format": "base64",
  "header": "X-Data",
  "body": ""
}

Configuration Options:

mask (boolean): Apply XOR encryption before encoding
format (string): Output encoding format (base64, base32, base64url, raw)
header (optional string): Send output in HTTP header with this name
parameter (optional string): Send output as query/body parameter with this name
body:
- If the payload is in the header/parameter, it's possible to send a body that will be ignored.

Output Location Priority:

If header is specified → output sent in that HTTP header
Else if parameter is specified → output sent as parameter
Else → output sent in request body (default)

Payload Template

"payload": "{\"health\": \"alive\", \"timestamp\": \"<<<PAYLOAD_DATA>>>\", \"message\": \"<<<PAYLOAD_DATA>>>\"}"

Purpose: Define the structure of how data is sent and allow flexible formatting.

Special Placeholder:

<<<PAYLOAD_DATA>>> - This is replaced with the actual output data
Can appear multiple times in the payload
Allows wrapping the data in custom JSON, XML, or other formats

Example Variations:

// JSON wrapping
"payload": "{\"data\": \"<<<PAYLOAD_DATA>>>\", \"status\": \"ok\"}"

// XML wrapping
"payload": "<message><content><<<PAYLOAD_DATA>>></content></message>"

// Direct passthrough
"payload": "<<<PAYLOAD_DATA>>>"

Parameters

"client.parameters": [
  {
    "beacon_status": "ok",
    "beacon_name": "kharon"
  }
]

Additional parameters to include in the request:

Can include multiple key-value pairs
Used for metadata or status information
Sent alongside the routed data

Complete Route Configuration Example

Example 1: Grouped Routes with Shared Behavior

"/route1 /route2 /route3": {
  "server.output": {
    "mask": false,
    "format": "base64"
  },
  "client.output": {
    "mask": true,
    "format": "base64url",
    "parameter": "info"
  },
  "client.parameters": [
    {
      "beacon_status": "ok",
      "beacon_name": "kharon"
    }
  ]
}

Behavior:

Routes /route1, /route2, /route3 all use identical configuration
Server sends unencrypted base64-encoded data
Client sends base64url-encoded, XOR-encrypted data
Data sent as query/body parameter named info
Includes beacon status and name in parameters

Example 2: Unique Route with Header Output

"/route4": {
  "server.output": {
    "mask": true,
    "format": "base64url",
    "parameter": "info"
  },
  "client.output": {
    "mask": true,
    "format": "base64",
    "header": "cookie",
    "body": ""
  },
  "payload": "PHPSESSID=<<<PAYLOAD_DATA>>>"
}

Behavior:

Server sends XOR-encrypted, base64url-encoded data as info parameter
Client sends XOR-encrypted, base64-encoded data in cookie header
body: "" no false/spoof data sent in the body
Payload formatted as PHP session ID
Output placed only in header, not in body

Data Flow and Encryption

Encryption and Encoding Process

When mask: true:

Original Data (encrypted with loky)
    ↓
XOR Encryption (symmetric key cipher)
    ↓
Format Encoding (base64/base32/base64url/raw)
    ↓
Output (in header/parameter/body)

When mask: false:

Original Data (encrypted with loky)
    ↓
Format Encoding (base64/base32/base64url/raw)
    ↓
Output (in header/parameter/body)

Complete Callback Example

{
  "callback": [
    {
      "host": ["server2.com:443"],
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
      "get": {
        "server.headers": {
          "Content-Type": "text/html; charset=utf-8",
          "Server": "Apache/2.4.41",
          "Cache-Control": "no-store, no-cache, must-revalidate",
          "X-Powered-By": "Express",
          "X-RateLimit-Limit": "1000",
          "X-RateLimit-Remaining": "998",
          "X-RateLimit-Reset": "1704110400",
          "X-Request-ID": "req_abc123def456"
        },
        "client.headers": {
          "Content-Type": "application/json",
          "Accept": "application/json",
          "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
          "Cache-Control": "no-cache"
        },
        "empty_response": "",
        "server.error": {
          "http_status": 404,
          "response": "\n404\nPage not found\nBack to home\n"
        },
        "uri": {
          "/route1 /route2 /route3": {
            "server.output": {
              "mask": false,
              "format": "base64"
            },
            "client.output": {
              "mask": true,
              "format": "base64url",
              "parameter": "info"
            },
            "client.parameters": [
              {
                "beacon_status": "ok",
                "beacon_name": "kharon"
              }
            ]
          },
          "/route4": {
            "server.output": {
              "mask": true,
              "format": "base64url",
              "parameter": "info"
            },
            "client.output": {
              "mask": true,
              "format": "base64",
              "header": "cookie",
              "body": false
            },
            "payload": "PHPSESSID=<<<PAYLOAD_DATA>>>"
          }
        }
      },
      "post": {
        "server.headers": {
          "Content-Type": "application/json; charset=utf-8",
          "Server": "Apache/2.4.41",
          "Cache-Control": "no-store, no-cache, must-revalidate",
          "X-Powered-By": "Express",
          "X-RateLimit-Limit": "1000",
          "X-RateLimit-Remaining": "997",
          "X-RateLimit-Reset": "1704110400",
          "X-Request-ID": "req_abc123def456",
          "Location": "https://api.example.com/resource/123"
        },
        "client.headers": {
          "Content-Type": "application/json",
          "Accept": "application/json",
          "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
          "Cache-Control": "no-cache"
        },
        "empty_response": "",
        "server.error": {
          "http_status": 403,
          "response": "{\"status\": 403, \"error\": \"Forbidden\", \"message\": \"Access denied\"}"
        },
        "uri": {
          "/route1 /route2": {
            "server.output": {
              "parameter": "info",
              "body": "{\"status\": 200, \"message\": \"Success\"}",
              "format": "base64url"
            },
            "client.output": {
              "mask": true,
              "format": "base64",
              "payload": "{\"health\": \"alive\", \"timestamp\": \"<<<PAYLOAD_DATA>>>\", \"message\": \"<<<PAYLOAD_DATA>>>\"}"
            }
          }
        }
      }
    }
  ]
}

PreviousSetup NextBuild

Last updated 1 month ago

Good afternoon

hashtagListener UI

hashtagDomain Rotation

hashtagProxy Settings

hashtagUse SSL (HTTPS)

hashtagUpload Profile

hashtagMalleable Profile Overview

hashtagProfile Structure

hashtagRoot Level

hashtagCallback Object

hashtagMultiple Hosts

hashtagUser Agent

hashtagExample Callback Structure

hashtagRequest Methods: GET and POST

hashtagIndependent Configuration

hashtagEmpty Response

hashtagServer Error Configuration

hashtagHeaders

hashtagRoute Configuration

hashtagRoute Grouping

hashtagIndividual Route Configuration

hashtagComplete Route Configuration Example

hashtagExample 1: Grouped Routes with Shared Behavior

hashtagExample 2: Unique Route with Header Output

hashtagData Flow and Encryption

hashtagEncryption and Encoding Process

hashtagComplete Callback Example