
Communication protocol

infosec guy edited this page Mar 25, 2023 · 1 revision

The teamserver and the Havoc agent communicate with each other by sending raw binary data.

Each packet is composed of a header followed by packed data:

 Header:
    [ SIZE         ] 4 bytes
    [ Magic Value  ] 4 bytes
    [ Agent ID     ] 4 bytes
    [ Request ID   ] 4 bytes
    [ COMMAND ID   ] 4 bytes

 Packed data:
    ... (depends on the COMMAND ID)

The SIZE is the size of the entire packet.
The Magic Value is set to 0xdeadbeef.
The Agent ID is a 32-bit value that is randomly generated by the agent when it starts. It uniquely identifies each agent.
The Request ID is a random 32-bit value generated by the teamserver every time the operator enters a command. This value is sent to the agent, which sends it back together with the task result. The teamserver then checks that the Request ID is valid and parses the task response.

Some tasks (like the dotnet inline-execute module) send several messages to the teamserver, all with the same Request ID. The teamserver generates the Request ID when the operator enters the command and removes it when the dotnet program has completed its execution.
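For analysts decoding captured traffic, the following added example (not part of the Havoc code base) parses the 20-byte header described above, checks the magic value, and groups messages by Agent ID and Request ID so that multi-message tasks show up together. It assumes big-endian fields, which this page does not state, and operates on raw packet bytes that have already been extracted; `build_sample` and all sample values are constructed for the demonstration.

```python
import struct
from collections import defaultdict

MAGIC = 0xDEADBEEF  # magic value given on the page
# Five 4-byte fields. Assumption: big-endian; the page does not state byte order.
HEADER = struct.Struct(">IIIII")

def parse_packet(buf):
    """Return the parsed header fields, or None if buf is not such a packet."""
    if len(buf) < HEADER.size:
        return None  # too short to hold the 20-byte header
    size, magic, agent_id, request_id, command_id = HEADER.unpack_from(buf)
    if magic != MAGIC:
        return None
    return {
        "size": size,
        "size_ok": size == len(buf),  # page: SIZE is the size of the entire packet
        "agent_id": agent_id,
        "request_id": request_id,
        "command_id": command_id,
        "data": buf[HEADER.size:],  # layout depends on the COMMAND ID; left opaque
    }

def group_by_request(packets):
    """Group parsed packets by (agent_id, request_id); skip non-matching input."""
    groups = defaultdict(list)
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is not None:
            groups[(parsed["agent_id"], parsed["request_id"])].append(parsed)
    return dict(groups)

def build_sample(agent_id, request_id, command_id, data=b""):
    """Hypothetical helper: build a constructed test packet in the page's layout."""
    size = HEADER.size + len(data)
    return HEADER.pack(size, MAGIC, agent_id, request_id, command_id) + data

# Constructed samples; IDs, command numbers and payloads are made up.
SAMPLES = [
    build_sample(0x1A2B3C4D, 0x11111111, 1, b"part-1"),
    build_sample(0x1A2B3C4D, 0x11111111, 1, b"part-2"),  # same Request ID
    build_sample(0x1A2B3C4D, 0x22222222, 2),
    b"GET / HTTP/1.1\r\n\r\n\x00\x00\x00\x00",  # unrelated bytes, wrong magic
    b"\x00\x00",  # truncated input
]

if __name__ == "__main__":
    for (agent, req), msgs in group_by_request(SAMPLES).items():
        print(f"agent={agent:#010x} request={req:#010x} messages={len(msgs)}")
```

A `size_ok` value of `False` marks a packet whose declared SIZE disagrees with the number of bytes captured, for example after a truncated capture.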
