![]() This new protocol ratified on RFC7450 can be seen as a way to solve some HTTP/1.x issues.Īs it is a new protocol, it will cause IDS/IPS devices to struggle. Merlin is a multi-platform tool and can be used during penetration testing scenarios to take advantage of the HTTP/2 protocol bypassing, and thus, security appliances and even AV detection.īypassing security appliances using HTTP/2 protocolīy using the HTTP/2 protocol during Merlin connections, we achieve a better use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. A server compiled to run on Linux can handle agents compiled for all other platforms (e.g., Windows). Due to the power of Golang, both components can be compiled to run on any platform, e.g., Windows, macOS and Linux. Merlin is composed of two crucial parts: the server and the agents. Merlin works based on a client-server architecture and takes advantage of the HTTP/2 protocol to perform communications between the server and host agents.įigure 1 below shows how Merlin could be employed during a security assessment.įigure 1: High-level diagram of Merlin cross-platform post-exploitation over HTTP/2 protocol, bypassing network detection mechanisms and AV signature detection. Merlin is a cross-platform post-exploitation HTTP/2 Command & Control (C&C) server written in the Golang language.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |