feat(backend): default verify_tls to false for lab/redteam Mythic

flip default to False at model, API fallback, adapter, and factory layers.
add migration 0008 flipping c2_config.verify_tls server_default to false.
suppress urllib3 InsecureRequestWarning when verify_tls is off.
adapt c2 tests to new verify_tls default.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Knacky
2026-06-21 21:03:05 +02:00
parent ee5fda6059
commit 0fab40b486
6 changed files with 46 additions and 7 deletions

View File

@@ -15,6 +15,8 @@ from __future__ import annotations
from datetime import datetime
import requests
import urllib3
from urllib3.exceptions import InsecureRequestWarning
from backend.app.services.c2.adapter import (
C2Adapter,
@@ -113,10 +115,14 @@ query GetTaskOutput($display_id: Int!) {
class MythicAdapter(C2Adapter):
"""Real Mythic 3.x adapter using GraphQL over HTTP."""
def __init__(self, url: str, api_token: str, verify_tls: bool = True) -> None:
def __init__(self, url: str, api_token: str, verify_tls: bool = False) -> None:
self._url = url.rstrip("/") + "/graphql"
self._token = api_token
self._verify = verify_tls
if not verify_tls:
# Lab/red-team Mythic instances commonly use self-signed certs.
# Suppress urllib3 warnings once per process when verification is off.
urllib3.disable_warnings(InsecureRequestWarning)
def _headers(self) -> dict[str, str]:
return {