Redirectors
A redirector sits between the beacon and your C2 server. It proxies valid beacon traffic and drops everything else — hiding your real server IP from blue teams and threat intel.
Generate the config
XoloC2 includes a built-in redirector config generator. Go to Redirectors in the sidebar and fill in:
- C2 server address — your backend server IP or hostname
- Beacon URI path — the path your beacons poll (e.g. /updates/check)
- Web server type — Apache, nginx, or Caddy
Click Generate and copy the config to your redirector VPS.
Apache
```apache
<VirtualHost *:443>
    ServerName your-redirector.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/your.crt
    SSLCertificateKeyFile /etc/ssl/private/your.key

    RewriteEngine On

    # Forward beacon traffic to C2
    RewriteCond %{REQUEST_URI} ^/updates/check [NC]
    RewriteRule ^(.*)$ https://c2-backend:8443$1 [P,L]

    # Drop everything else
    RewriteRule ^ - [F]
</VirtualHost>
```

```bash
a2enmod ssl rewrite proxy proxy_http
systemctl restart apache2
```

nginx

```nginx
server {
    listen 443 ssl;
    server_name your-redirector.com;

    ssl_certificate /etc/ssl/certs/your.crt;
    ssl_certificate_key /etc/ssl/private/your.key;

    location /updates/check {
        proxy_pass https://c2-backend:8443;
        proxy_ssl_verify off;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location / {
        return 404;
    }
}
```

Caddy

```
your-redirector.com {
    handle /updates/check* {
        reverse_proxy https://c2-backend:8443 {
            transport http {
                tls_insecure_skip_verify
            }
        }
    }
    respond 404
}
```

Server-side config
When using a redirector, set XOLO_TRUST_PROXY=1 in your XoloC2 environment so the server logs the real beacon IP instead of the redirector IP.
- Use a domain registered via a privacy-protecting registrar
- Categorize the domain as something benign (IT/business) before using it
- Rotate redirectors between engagements
- Use Let’s Encrypt for a valid TLS cert on the redirector