Merge pull request #1844 from w4lle-code/fix_c2profile_import_overwri…

…te_url_parameters

fix to import overwrite c2Profile to url_parameters

client/command/c2profiles/c2profiles.go

@@ -464,6 +464,15 @@ func C2ConfigToProtobuf(profileName string, config *assets.HTTPC2Config) *client
 		})
 	}
 
+	for _, urlParameter := range config.ImplantConfig.URLParameters {
+		httpC2UrlParameters = append(httpC2UrlParameters, &clientpb.HTTPC2URLParameter{
+			Method:      urlParameter.Method,
+			Name:        urlParameter.Name,
+			Value:       urlParameter.Value,
+			Probability: int32(urlParameter.Probability),
+		})
+	}
+
 	implantConfig := &clientpb.HTTPC2ImplantConfig{
 		UserAgent:                 config.ImplantConfig.UserAgent,
 		ChromeBaseVersion:         int32(config.ImplantConfig.ChromeBaseVersion),

implant/sliver/transports/httpclient/httpclient.go

@@ -273,11 +273,19 @@ func (s *SliverHTTPClient) newHTTPRequest(method string, uri *url.URL, body io.R
 
 	extraURLParams := []nameValueProbability{
 		// {{range $param := .HTTPC2ImplantConfig.ExtraURLParameters}}
-		{Name: "{{$param.Name}}", Value: "{{$param.Value}}", Probability: "{{$param.Probability}}"},
+		{
+			Name:        "{{$param.Name}}",
+			Value:       "{{$param.Value}}",
+			Probability: "{{$param.Probability}}",
+			Method:      "{{$param.Method}}",
+		},
 		// {{end}}
 	}
 	queryParams := req.URL.Query()
 	for _, param := range extraURLParams {
+		if len(param.Method)>0 && param.Method != method {
+			continue
+		}
 		probability, _ := strconv.Atoi(param.Probability)
 		if 0 < probability {
 			roll := insecureRand.Intn(99) + 1
@@ -426,7 +434,7 @@ func (s *SliverHTTPClient) ReadEnvelope() (*pb.Envelope, error) {
 	s.NonceQueryArgument(uri, nonce)
 	req := s.newHTTPRequest(http.MethodGet, uri, nil)
 	// {{if .Config.Debug}}
-	log.Printf("[http] GET -> %s", uri)
+	log.Printf("[http] GET -> %s", req.URL)
 	// {{end}}
 	resp, rawRespData, err := s.DoPoll(req)
 	if err != nil {

server/db/helpers.go

@@ -477,6 +477,13 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2
 		return err.Error
 	}
 
+	err = Session().Where(&models.HttpC2URLParameter{
+		HttpC2ImplantConfigID: clientID,
+	}).Delete(&models.HttpC2URLParameter{})
+	if err.Error != nil {
+		return err.Error
+	}
+
 	err = Session().Where(&models.ImplantConfig{
 		ID: clientID,
 	}).Updates(c2Config.ImplantConfig)
@@ -504,6 +511,16 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2
 		}
 	}
 
+	for _, urlParameter := range c2Config.ImplantConfig.ExtraURLParameters {
+		urlParameter.HttpC2ImplantConfigID = clientID
+		err = Session().Clauses(clause.OnConflict{
+			UpdateAll: true,
+		}).Create(&urlParameter)
+		if err.Error != nil {
+			return err.Error
+		}
+	}
+
 	serverID, _ := uuid.FromString(oldConf.ServerConfig.ID)
 
 	err = Session().Where(&models.HttpC2Cookie{

server/rpc/rpc-c2profile.go

@@ -80,11 +80,10 @@ func (rpc *Server) SaveHTTPC2Profile(ctx context.Context, req *clientpb.HTTPC2Co
 		return nil, configs.ErrDuplicateC2ProfileName
 	}
 
-	if httpC2Config.Name == "" {
-		return nil, configs.ErrC2ProfileNotFound
-	}
-
 	if req.Overwrite {
+		if httpC2Config.Name == "" {
+			return nil, configs.ErrC2ProfileNotFound
+		}
 		err = db.HTTPC2ConfigUpdate(req.C2Config, httpC2Config)
 		if err != nil {
 			log.Printf("Error:\n%s", err)