From 3217ab53fe75220088cba95e23721b8838332fc2 Mon Sep 17 00:00:00 2001
From: Luca <luke.994@hotmail.com>
Date: Thu, 2 Nov 2023 16:55:41 +0100
Subject: [PATCH] Fixed min_path and max_path settings on http profile
 customization

---
 .../sliver/transports/httpclient/httpclient.go   | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/implant/sliver/transports/httpclient/httpclient.go b/implant/sliver/transports/httpclient/httpclient.go
index 5eb70b275f..4bf6f8deb0 100644
--- a/implant/sliver/transports/httpclient/httpclient.go
+++ b/implant/sliver/transports/httpclient/httpclient.go
@@ -648,13 +648,15 @@ func (s *SliverHTTPClient) closeURL() *url.URL {
 // Must return at least a file name, path segments are optional
 func (s *SliverHTTPClient) randomPath(segments []string, filenames []string, ext string) []string {
 	genSegments := []string{}
-	if 0 < len(segments) {
-		n := insecureRand.Intn(len(segments)) // How many segments?
-		for index := 0; index < n; index++ {
-			seg := segments[insecureRand.Intn(len(segments))]
-			genSegments = append(genSegments, seg)
-		}
-	}
+        if 0 < len(segments) {
+                min, _ := strconv.Atoi("{{.HTTPC2ImplantConfig.MinPaths}}")
+                max, _ := strconv.Atoi("{{.HTTPC2ImplantConfig.MaxPaths}}")
+                n := insecureRand.Intn(max-min+1) + min // How many segments?
+                for index := 0; index < n; index++ {
+                        seg := segments[insecureRand.Intn(len(segments))]
+                        genSegments = append(genSegments, seg)
+                }
+        }
 	filename := filenames[insecureRand.Intn(len(filenames))]
 
 	// {{if .Config.Debug}}