An Nginx/Apache Alternative for C2 Redirecting
Gone Are the Days Of Manually Generating TLS Certificates For C2
Hello, 🌎! Caddy is a “powerful, enterprise-ready, open-source web server with automatic HTTPS written in Go”. I have been using Caddy for about two weeks now and absolutely love how simple it is to configure and deploy. The Caddy feature I love the most is the built-in TLS certificate management capabilities that automagically handle TLS certs in memory so you no longer have to go through generating certs with openssl (hooray). With that said, in this blog, I’m going to show you how easy it is to write a C2 redirector for Metasploit with Caddy. Let’s do it!
Installing Caddy
We’ll be building Caddy from source using Go so you’ll need to install Go. Then, open up your terminal and run the following commands:
git clone "https://github.com/caddyserver/caddy.git"
cd caddy/cmd/caddy/
go build -ldflags="-w -s"
sudo mv ./caddy /usr/local/bin/
To verify our Caddy build, run caddy help. You should see Caddy’s help menu!