Esempio n. 1
0
// PhishHandler handles incoming client connections and registers the associated actions performed
// (such as clicked link, etc.)
func PhishHandler(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	if err != nil {
		Logger.Println(err)
		http.NotFound(w, r)
		return
	}
	id := r.Form.Get("rid")
	if id == "" {
		http.NotFound(w, r)
		return
	}
	rs, err := models.GetResult(id)
	if err != nil {
		http.NotFound(w, r)
		return
	}
	rs.UpdateStatus(models.STATUS_SUCCESS)
	c, err := models.GetCampaign(rs.CampaignId, rs.UserId)
	if err != nil {
		Logger.Println(err)
	}
	p, err := models.GetPage(c.PageId, c.UserId)
	if err != nil {
		Logger.Println(err)
	}
	switch {
	case r.Method == "GET":
		err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
		if err != nil {
			Logger.Println(err)
		}
	case r.Method == "POST":
		// If data was POST'ed, let's record it
		// Store the data in an event
		d := struct {
			Payload url.Values        `json:"payload"`
			Browser map[string]string `json:"browser"`
		}{
			Payload: r.Form,
		}
		rj, err := json.Marshal(d)
		if err != nil {
			Logger.Println(err)
			http.NotFound(w, r)
			return
		}
		c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})
		if err != nil {
			Logger.Println(err)
		}
	}
	w.Write([]byte(p.HTML))
}
Esempio n. 2
0
File: api.go Progetto: 4D5A/gophish
func API_Pages_Id(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	id, _ := strconv.ParseInt(vars["id"], 0, 64)
	p, err := models.GetPage(id, ctx.Get(r, "user_id").(int64))
	if err != nil {
		JSONResponse(w, models.Response{Success: false, Message: "Page not found"}, http.StatusNotFound)
		return
	}
	switch {
	case r.Method == "GET":
		JSONResponse(w, p, http.StatusOK)
	case r.Method == "DELETE":
		err = models.DeletePage(id, ctx.Get(r, "user_id").(int64))
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error deleting page"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, models.Response{Success: true, Message: "Page Deleted Successfully"}, http.StatusOK)
	case r.Method == "PUT":
		p = models.Page{}
		err = json.NewDecoder(r.Body).Decode(&p)
		if err != nil {
			Logger.Println(err)
		}
		if p.Id != id {
			JSONResponse(w, models.Response{Success: false, Message: "/:id and /:page_id mismatch"}, http.StatusBadRequest)
			return
		}
		err = p.Validate()
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Invalid attributes given"}, http.StatusBadRequest)
			return
		}
		p.ModifiedDate = time.Now()
		p.UserId = ctx.Get(r, "user_id").(int64)
		err = models.PutPage(&p)
		if err != nil {
			JSONResponse(w, models.Response{Success: false, Message: "Error updating page"}, http.StatusInternalServerError)
			return
		}
		JSONResponse(w, p, http.StatusOK)
	}
}
Esempio n. 3
0
// PhishHandler handles incoming client connections and registers the associated actions performed
// (such as clicked link, etc.)
func PhishHandler(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	id := r.Form.Get("rid")
	if id == "" {
		http.NotFound(w, r)
		return
	}
	rs, err := models.GetResult(id)
	if err != nil {
		http.NotFound(w, r)
		return
	}
	rs.UpdateStatus(models.STATUS_SUCCESS)
	c, err := models.GetCampaign(rs.CampaignId, rs.UserId)
	if err != nil {
		Logger.Println(err)
	}
	p, err := models.GetPage(c.PageId, c.UserId)
	if err != nil {
		Logger.Println(err)
	}
	c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
	w.Write([]byte(p.HTML))
}
Esempio n. 4
0
// PhishHandler handles incoming client connections and registers the associated actions performed
// (such as clicked link, etc.)
func PhishHandler(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	if err != nil {
		Logger.Println(err)
		http.NotFound(w, r)
		return
	}
	id := r.Form.Get("rid")
	if id == "" {
		http.NotFound(w, r)
		return
	}
	rs, err := models.GetResult(id)
	if err != nil {
		http.NotFound(w, r)
		return
	}
	c, err := models.GetCampaign(rs.CampaignId, rs.UserId)
	if err != nil {
		Logger.Println(err)
	}
	// Don't process events for completed campaigns
	if c.Status == models.CAMPAIGN_COMPLETE {
		http.NotFound(w, r)
		return
	}
	rs.UpdateStatus(models.STATUS_SUCCESS)
	p, err := models.GetPage(c.PageId, c.UserId)
	if err != nil {
		Logger.Println(err)
	}
	d := struct {
		Payload url.Values        `json:"payload"`
		Browser map[string]string `json:"browser"`
	}{
		Payload: r.Form,
		Browser: make(map[string]string),
	}
	ip, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		Logger.Println(err)
		return
	}
	// Respect X-Forwarded headers
	if fips := r.Header.Get("X-Forwarded-For"); fips != "" {
		ip = strings.Split(fips, ", ")[0]
	}
	// Handle post processing such as GeoIP
	err = rs.UpdateGeo(ip)
	if err != nil {
		Logger.Println(err)
	}
	d.Browser["address"] = ip
	d.Browser["user-agent"] = r.Header.Get("User-Agent")
	rj, err := json.Marshal(d)
	if err != nil {
		Logger.Println(err)
		http.NotFound(w, r)
		return
	}
	switch {
	case r.Method == "GET":
		err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED, Details: string(rj)})
		if err != nil {
			Logger.Println(err)
		}
	case r.Method == "POST":
		// If data was POST'ed, let's record it
		// Store the data in an event
		c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})
		if err != nil {
			Logger.Println(err)
		}
		// Redirect to the desired page
		if p.RedirectURL != "" {
			http.Redirect(w, r, p.RedirectURL, 302)
			return
		}
	}
	var htmlBuff bytes.Buffer
	tmpl, err := template.New("html_template").Parse(p.HTML)
	if err != nil {
		Logger.Println(err)
		http.NotFound(w, r)
	}
	f, err := mail.ParseAddress(c.SMTP.FromAddress)
	if err != nil {
		Logger.Println(err)
	}
	fn := f.Name
	if fn == "" {
		fn = f.Address
	}
	rsf := struct {
		models.Result
		URL  string
		From string
	}{
		rs,
		c.URL + "?rid=" + rs.RId,
		fn,
	}
	err = tmpl.Execute(&htmlBuff, rsf)
	if err != nil {
		Logger.Println(err)
		http.NotFound(w, r)
	}
	w.Write(htmlBuff.Bytes())
}