Listeners

Monarch comes with HTTP, HTTPS and TLS listeners to handle implant connections. The HTTPS and TCP listeners are secured by TLS.

Listeners use the ports defined in the Monarch configuration file. The default HTTP(S) ports are not the standard service ports, since they require root privileges. You may want to change those before starting the server. If you need to change configuration options, you'll have to bring the server offline temporarily.

Listeners can be activated and deactivated with the http , https and tls commands. Listeners can only be started and stopped by admins. This is because all sessions rely on their listener being active. For example, a poorly designed implant may lose a session forever if the listener is inactive at any time. However, it's expected that listeners be active most of the time.

Last updated