Sigma-C2/config.yaml

# Agent configuration
c2_agent_user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
c2_identification_header: "Accept-Language"
c2_identification_value: "en-US,en;q=0.9"

# Domain-specific profiles - only configured domains are allowed
domain_profiles:
  "test.com":
    ssl:
      cert_file: "certificates/example.com.crt"
      key_file: "certificates/example.com.key"

    command_cookie: "x-auth-csrf-token"
    command_header: "Server-Timing"
    command_header_value: "cfExtPri"
    message_cookie_name: "sessionID"
    body_message_header: "X-Requested-With"
    body_message_header_value: "XMLHttpRequest"
    
    headers:
      cache-control: "max-age=3600"
      content-encoding: "gzip"
      pragma: "no-cache"
      server: "Microsoft-IIS/10.0"
      strict-transport-security: "max-age=31536000"
      x-aspnet-version: "4.0.30319"
      x-powered-by: "ASP.NET"
      x-content-type-options: "nosniff"
      x-frame-options: "DENY"
      x-xss-protection: "1; mode=block"

  "example.com":
    ssl:
      cert_file: "certificates/example.com.crt"
      key_file: "certificates/example.com.key"
    
    command_cookie: "x-api-token"
    command_header: "X-API-Version"
    command_header_value: "v1"
    message_cookie_name: "api_session"
    body_message_header: "Content-Type"
    body_message_header_value: "application/json"
    
    headers:
      cache-control: "no-cache, no-store, must-revalidate"
      content-type: "application/json"
      server: "nginx/1.18.0"
      strict-transport-security: "max-age=63072000; includeSubDomains; preload"
      x-content-type-options: "nosniff"
      x-frame-options: "DENY"
      x-api-version: "1.0"

  "192.168.1.4":
    ssl:
      cert_file: "certificates/example.com.crt"
      key_file: "certificates/example.com.key"
    
    command_cookie: "JSESSIONID"
    command_header: "X-Powered-By"
    command_header_value: "ASP.NET"
    message_cookie_name: "sessionID"
    body_message_header: "X-Requested-With"
    body_message_header_value: "XMLHttpRequest"

    headers:
      alt-svc: 'h3=":443"; ma=86400'
      cache-control: "private, no-cache, no-store, max-age=0, must-revalidate"
      cf-cache-status: "DYNAMIC"
      cf-ray: "936f6a7adc8c027d-WAW"
      content-encoding: "br"
      cross-origin-opener-policy: "same-origin-allow-popups"
      cross-origin-resource-policy: "same-origin"
      origin-agent-cluster: "?1"
      priority: "u=0,i"
      referrer-policy: "no-referrer-when-downgrade"
      server: "cloudflare"
      strict-transport-security: "max-age=15552000; includeSubDomains; preload"
      vary: "Accept-Encoding"
      x-content-type-options: "nosniff"
      x-dns-prefetch-control: "on"
      x-download-options: "noopen"
      x-frame-options: "SAMEORIGIN"
      x-permitted-cross-domain-policies: "none"
Implementing dynamic https configuration load from config file and removing old transport abstraction. 2025-08-16 13:05:58 +02:00			`# Agent configuration`
			`c2_agent_user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"`
			`c2_identification_header: "Accept-Language"`
			`c2_identification_value: "en-US,en;q=0.9"`

			`# Domain-specific profiles - only configured domains are allowed`
			`domain_profiles:`
			`"test.com":`
			`ssl:`
			`cert_file: "certificates/example.com.crt"`
			`key_file: "certificates/example.com.key"`

			`command_cookie: "x-auth-csrf-token"`
			`command_header: "Server-Timing"`
			`command_header_value: "cfExtPri"`
			`message_cookie_name: "sessionID"`
			`body_message_header: "X-Requested-With"`
			`body_message_header_value: "XMLHttpRequest"`

			`headers:`
			`cache-control: "max-age=3600"`
			`content-encoding: "gzip"`
			`pragma: "no-cache"`
			`server: "Microsoft-IIS/10.0"`
			`strict-transport-security: "max-age=31536000"`
			`x-aspnet-version: "4.0.30319"`
			`x-powered-by: "ASP.NET"`
			`x-content-type-options: "nosniff"`
			`x-frame-options: "DENY"`
			`x-xss-protection: "1; mode=block"`

			`"example.com":`
			`ssl:`
			`cert_file: "certificates/example.com.crt"`
			`key_file: "certificates/example.com.key"`

			`command_cookie: "x-api-token"`
			`command_header: "X-API-Version"`
			`command_header_value: "v1"`
			`message_cookie_name: "api_session"`
			`body_message_header: "Content-Type"`
			`body_message_header_value: "application/json"`

			`headers:`
			`cache-control: "no-cache, no-store, must-revalidate"`
			`content-type: "application/json"`
			`server: "nginx/1.18.0"`
			`strict-transport-security: "max-age=63072000; includeSubDomains; preload"`
			`x-content-type-options: "nosniff"`
			`x-frame-options: "DENY"`
			`x-api-version: "1.0"`

			`"192.168.1.4":`
			`ssl:`
			`cert_file: "certificates/example.com.crt"`
			`key_file: "certificates/example.com.key"`

			`command_cookie: "JSESSIONID"`
			`command_header: "X-Powered-By"`
			`command_header_value: "ASP.NET"`
			`message_cookie_name: "sessionID"`
			`body_message_header: "X-Requested-With"`
			`body_message_header_value: "XMLHttpRequest"`

			`headers:`
			`alt-svc: 'h3=":443"; ma=86400'`
			`cache-control: "private, no-cache, no-store, max-age=0, must-revalidate"`
			`cf-cache-status: "DYNAMIC"`
			`cf-ray: "936f6a7adc8c027d-WAW"`
			`content-encoding: "br"`
			`cross-origin-opener-policy: "same-origin-allow-popups"`
			`cross-origin-resource-policy: "same-origin"`
			`origin-agent-cluster: "?1"`
			`priority: "u=0,i"`
			`referrer-policy: "no-referrer-when-downgrade"`
			`server: "cloudflare"`
			`strict-transport-security: "max-age=15552000; includeSubDomains; preload"`
			`vary: "Accept-Encoding"`
			`x-content-type-options: "nosniff"`
			`x-dns-prefetch-control: "on"`
			`x-download-options: "noopen"`
			`x-frame-options: "SAMEORIGIN"`
			`x-permitted-cross-domain-policies: "none"`