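---
# Agent timing, agent identity, and per-domain listener profile settings.
# NOTE(review): this file had been collapsed onto two physical lines, which
# turned the first line into one long comment and left the rest unparseable.
# The nesting below is reconstructed from key order and the original
# comments - confirm it against the schema the loader expects.

# Agent settings
reconnect_delay: 10000  # milliseconds
jitter_percent: 30
startup_delay: 0  # milliseconds

# Agent identity configuration
c2_agent_user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
c2_identification_header: "Accept-Language"
c2_identification_value: "en-US,en;q=0.9"

# Agent common request headers
agent_request_headers:
  - "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
  - "Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate"
  - "Pragma: no-cache"
  - "Connection: keep-alive"

# Domain-specific profiles - only configured domains can be bound to listener
domain_profiles:
  "test1.com":  # Domain name
    ssl:  # Certificate and key for this domain
      # NOTE(review): both profiles in this file point at the same
      # example.com certificate/key pair, which looks like a placeholder -
      # confirm the files match the domain they are listed under.
      cert_file: "certificates/example.com.crt"
      # Private key material: keep this file out of version control and
      # readable only by the account that runs the listener.
      key_file: "certificates/example.com.key"
    # Domain-specific content
    # Absolute, machine-specific path; it has to exist on the host that
    # loads this file.
    web_content_path: "/home/pavlo/test1.com"
    # Headers and cookie indicating a new message from server.
    # These values are static per profile, so they double as network
    # signatures for traffic that uses this profile.
    command_header_name: "Server-Timing"
    command_header_value: "cfExtPri"
    command_cookie_name: "x-auth-csrf-token"
    # Cookie in which the agent embeds its message
    message_cookie_name: "sessionID"
    # Header with which the agent indicates that the message is in the
    # request body when the POST method is used
    body_message_header: "X-Requested-With"
    body_message_header_value: "XMLHttpRequest"
    # Common response headers to mimic legitimate HTTP traffic
    headers:
      cache-control: "max-age=3600"
      content-encoding: "gzip"
      pragma: "no-cache"
      server: "Microsoft-IIS/10.0"
      strict-transport-security: "max-age=31536000"
      x-aspnet-version: "4.0.30319"
      x-powered-by: "ASP.NET"
      x-content-type-options: "nosniff"
      x-frame-options: "DENY"
      x-xss-protection: "1; mode=block"
  "test2.com":
    ssl:
      # Same certificate/key pair as the test1.com profile (see the note
      # there); the private key needs the same restricted file permissions.
      cert_file: "certificates/example.com.crt"
      key_file: "certificates/example.com.key"
    # Absolute, machine-specific path. NOTE(review): the directory is named
    # after an IP address rather than this domain - confirm it is intended.
    web_content_path: "/home/pavlo/192.168.1.4"
    command_cookie_name: "JSESSIONID"
    command_header_name: "X-Powered-By"
    command_header_value: "ASP.NET"
    message_cookie_name: "security_token"
    body_message_header: "X-Requested-With"
    body_message_header_value: "XMLHttpRequest"
    headers:
      alt-svc: 'h3=":443"; ma=86400'
      cache-control: "private, no-cache, no-store, max-age=0, must-revalidate"
      cf-cache-status: "DYNAMIC"
      cf-ray: "29a9f76c7d9edf6-BRL"
      content-encoding: "br"
      cross-origin-opener-policy: "same-origin-allow-popups"
      cross-origin-resource-policy: "same-origin"
      origin-agent-cluster: "?1"
      priority: "u=0,i"
      referrer-policy: "no-referrer-when-downgrade"
      server: "cloudflare"
      strict-transport-security: "max-age=15552000; includeSubDomains; preload"
      vary: "Accept-Encoding"
      x-content-type-options: "nosniff"
      x-dns-prefetch-control: "on"
      x-download-options: "noopen"
      x-frame-options: "SAMEORIGIN"
      x-permitted-cross-domain-policies: "none"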