Describe the bug
I've generated numerous implants with the format of subdomain.domain.tld?param=value. Yet when I ran a Wireshark capture on my test machine (with no AV/EDR), I don't see the ?param=value appearing. I've only opened HTTP ports, not HTTPS. I know prepend is supported in the generate command, not sure on appending paths and parameters?
To be clear, I don't have enough confidence in my research to determine if what I'm seeing is middle of the HTTP(S) process or the beginning. Just hoping for some clarification in my troubleshooting.
If the generate command does not append path/parameters, would I then need to add these to the http-c2.json config?
I don't think we currently support arbitrary query parameters in the HTTP(S) C2 URLs. The only ones supported and defined in the docs are to control the behavior of the HTTP client in the implant (driver selection, proxy support, etc.).
To Reproduce
Steps to reproduce the behavior:
http
generate beacon http subdomain.domain.tld?param=value
http display filter enabled
Expected behavior
I would assume that this parameter and value would be applied per implant.