This project converts a Cobalt Strike profile to a functional web.config file to support HTTP/S reverse proxy redirection from IIS to a Cobalt Strike teamserver.
This is a spiritual counterpart to cs2modrewrite.
Script to generate web.config files for IIS servers based on Cobalt Strike malleable profiles.
Usage:
python cs2webconfig.py -t <teamserveraddress> -p <c2profile> -r <redirectoraddress> -o <outputfile>
Template file needed by IIS servers to enable proxying, similar to apache2 mod_proxy. Upload it to the site parent folder of the IIS server, then restart the IIS service.
Once redirection is configured and functioning, ensure your C2 servers only allow ingress from the redirector and your trusted IPs (VPN, office ranges, etc.).
For a quick walkthrough on how to use this with Azure Application Services, check out the wiki!
IIS servers require that the teamserver have a valid SSL certificate from a trusted provider. Let's Encrypt is a valid option.