1: Understanding the interface
Before writing the agent and its handler, we need to understand how Havoc handles third party agents.
Callback specifications
Since we are handling our own custom agent's callbacks ourselves, there isn't a fixed callback data structure we have to follow. However, there is a fixed set of bytes that must be prepended to each callback that gives Havoc some basic information on how to handle the callback. These bytes are as such:
So the structure of a typical callback should be something like this:
The third party agent system
The way Havoc third party agents work, is that any data sent to a valid C2 listening interface (http/s, external c2 etc.) is checked for its magic value, and forwarded to the appropriate agent handler. For example:
That's pretty much all you need to understand about Havoc's third party agent interface.
Last updated