Initial poc working with test server. #414
Conversation
Looking into building server side contact.
|
Kudos, SonarCloud Quality Gate passed!
|
There was a problem hiding this comment.
Pull Request Overview
This PR introduces WebSocket communication capabilities to the Sandcat agent as a new contact method, enabling interactive communication with low sleep intervals through a reverse shell over WebSockets.
- Adds WebSocket dependency and implements a new
Websocketcontact type - Creates comprehensive documentation for building and developing new contact extensions
- Implements base64-encoded message exchange over WebSocket connections
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| gocat/go.mod | Adds gorilla/websocket dependency for WebSocket functionality |
| gocat-extensions/contact/websocket_rev_contact.go | Implements complete WebSocket contact module with connection handling and message exchange |
| docs/Sandcat-Details.md | Adds detailed documentation for building extensions and contact development |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| } | ||
|
|
||
| func (a *Websocket) SetUpstreamDestAddr(upstreamDestAddr string) { | ||
| upstreamDestAddr = "ws://localhost:7013/ws_interactive" |
There was a problem hiding this comment.
The parameter upstreamDestAddr is being overwritten with a hardcoded value, ignoring the intended upstream address. This makes the function parameter useless and forces all connections to localhost:7013.
| upstreamDestAddr = "ws://localhost:7013/ws_interactive" |
| } | ||
| _, message, err := a.ws_client.ReadMessage() | ||
| if err != nil { | ||
| output.VerbosePrint(fmt.Sprintf("[-] Cannot recieve websocket message: %s", err.Error())) |
There was a problem hiding this comment.
Spelling error: 'recieve' should be 'receive'.
| output.VerbosePrint(fmt.Sprintf("[-] Cannot recieve websocket message: %s", err.Error())) | |
| output.VerbosePrint(fmt.Sprintf("[-] Cannot receive websocket message: %s", err.Error())) |
| // if val, ok := jsonData["sleep"]; ok { | ||
| // jsonData["sleep"] = float64(0) | ||
| // } |
There was a problem hiding this comment.
Commented-out code should be removed rather than left in the codebase. If this functionality might be needed later, consider implementing it properly or documenting why it's disabled.
| // if val, ok := jsonData["sleep"]; ok { | |
| // jsonData["sleep"] = float64(0) | |
| // } |
| // SendExecutionResults will send the execution results to the upstream destination. | ||
| func (a *Websocket) SendExecutionResults(profile map[string]interface{}, result map[string]interface{}) { | ||
| output.VerbosePrint("[*] Sending results") | ||
| _ = fmt.Sprintf("%s%s", a.upstreamDestAddr, apiBeacon) |
There was a problem hiding this comment.
This line creates a formatted string that is immediately discarded. Either remove this line or use the result if it serves a purpose.
| _ = fmt.Sprintf("%s%s", a.upstreamDestAddr, apiBeacon) |
|
Can you address the comments above and resubmit for review |
Built sandcat reverse shell over websockets.
Description
Have sandcat callback over a websocket to handle interactions with a low sleep.
Type of change
How Has This Been Tested?
Manually tested using caldera websocket contact branch.
Checklist: