Merge pull request #4 from evait-security/2651
merge 2651 into origin/2651 without minified js
FLX-0x00 authored Sep 13, 2023
2 parents 663308d + b1e3c35 commit afbd7e0
Showing 6 changed files with 95 additions and 9 deletions.
23 changes: 20 additions & 3 deletions controllers/phish.go
Expand Up @@ -272,14 +272,31 @@ func renderPhishResponse(w http.ResponseWriter, r *http.Request, ptx models.Phis
// If the request was a form submit and a redirect URL was specified, we
// should send the user to that URL
if r.Method == "POST" {
if p.RedirectURL != "" {
redirectURL, err := models.ExecuteTemplate(p.RedirectURL, ptx)
switch p.RedirectMode {
case "url":
if p.RedirectURL != "" {
redirectURL, err := models.ExecuteTemplate(p.RedirectURL, ptx)
if err != nil {
log.Error(err)
http.NotFound(w, r)
return
}
http.Redirect(w, r, redirectURL, http.StatusFound)
return
}
break
case "html":
html, err := models.ExecuteTemplate(p.RedirectHTML, ptx)
if err != nil {
log.Error(err)
http.NotFound(w, r)
return
}
http.Redirect(w, r, redirectURL, http.StatusFound)
w.Write([]byte(html))
return
default:
log.Error("Redirect mode " + p.RedirectMode + " not found")
http.NotFound(w, r)
return
}
}
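Review bot: The `default:` arm answers every POST with a 404 when `p.RedirectMode` is empty, and the migrations in this commit add `redirect_mode` with no default, so pages saved before the upgrade, or through an API client that omits the field, would presumably stop rendering after a form submit; before this change an empty `RedirectURL` simply fell through to the normal page render. Accept the legacy value with `case "", "url":` (the trailing `break` is implicit in Go and can go). In the `"html"` arm the `w.Write` error is discarded and no `Content-Type` is set, so the type is left to sniffing; `w.Header().Set("Content-Type", "text/html; charset=utf-8")` before the write makes it explicit. renderPhishResponse begins and ends outside this hunk.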
@@ -0,0 +1,4 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE `pages` ADD COLUMN redirect_html TEXT;
ALTER TABLE `pages` ADD COLUMN redirect_mode TEXT;
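Review bot: Neither this migration nor the identical one that follows has a `-- +goose Down` section, so the schema change cannot be rolled back with goose. Existing rows also get a NULL `redirect_mode`, which the new switch in controllers/phish.go does not treat as `url`; a backfill such as `UPDATE pages SET redirect_mode = 'url' WHERE redirect_mode IS NULL;` after the two `ALTER TABLE` statements keeps old landing pages on their previous behaviour.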
@@ -0,0 +1,4 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE `pages` ADD COLUMN redirect_html TEXT;
ALTER TABLE `pages` ADD COLUMN redirect_mode TEXT;
5 changes: 5 additions & 0 deletions models/page.go
Expand Up @@ -19,6 +19,8 @@ type Page struct {
CapturePasswords bool `json:"capture_passwords" gorm:"column:capture_passwords"`
RedirectURL string `json:"redirect_url" gorm:"column:redirect_url"`
ModifiedDate time.Time `json:"modified_date"`
RedirectMode string `json:"redirect_mode" gorm:"column:redirect_mode"` // can be either 'url' or 'html'
RedirectHTML string `json:"redirect_html" gorm:"column:redirect_html"`
}

// ErrPageNameNotSpecified is thrown if the name of the landing page is blank.
Expand Down Expand Up @@ -85,6 +87,9 @@ func (p *Page) Validate() error {
if err := ValidateTemplate(p.RedirectURL); err != nil {
return err
}
if err := ValidateTemplate(p.RedirectHTML); err != nil {
return err
}
return p.parseHTML()
}
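Review bot: `Validate` checks that `RedirectHTML` parses as a template but never checks `RedirectMode`, so the `'url' or 'html'` contract in the struct comment is enforced only at serve time, where an unexpected value ends in a 404. Rejecting it at save time is a short guard before the template checks, e.g. `if p.RedirectMode != "url" && p.RedirectMode != "html" { return ErrInvalidRedirectMode }`, where `ErrInvalidRedirectMode` is a suggested new sentinel to declare next to `ErrPageNameNotSpecified` (it does not exist in the visible code). An empty value could be normalised to `url` first so that older clients keep working. Validate starts above this hunk.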

41 changes: 40 additions & 1 deletion static/js/src/app/landing_pages.js
Expand Up @@ -15,6 +15,8 @@ function save(idx) {
page.capture_credentials = $("#capture_credentials_checkbox").prop("checked")
page.capture_passwords = $("#capture_passwords_checkbox").prop("checked")
page.redirect_url = $("#redirect_url_input").val()
page.redirect_mode = $("input[name=redirect_choice]:checked").val()
page.redirect_html = $("#redirect_html_editor").val()
if (idx != -1) {
page.id = pages[idx].id
api.pageId.put(page)
Expand Down Expand Up @@ -43,6 +45,7 @@ function dismiss() {
$("#html_editor").val("")
$("#url").val("")
$("#redirect_url_input").val("")
$("#redirect_html_editor").val("")
$("#modal").find("input[type='checkbox']").prop("checked", false)
$("#capture_passwords").hide()
$("#redirect_url").hide()
Expand Down Expand Up @@ -104,25 +107,37 @@ function importSite() {
})
}
}

function edit(idx) {
$("#modalSubmit").unbind('click').click(function () {
save(idx)
})

$("#html_editor").ckeditor()
setupAutocomplete(CKEDITOR.instances["html_editor"])

$("#redirect_html_editor").ckeditor()
setupAutocomplete(CKEDITOR.instances["redirect_html_editor"])

var page = {}
if (idx != -1) {
$("#modalLabel").text("Edit Landing Page")
page = pages[idx]
$("#name").val(page.name)
$("#html_editor").val(page.html)
$("#redirect_html_editor").val(page.redirect_html)
$("#capture_credentials_checkbox").prop("checked", page.capture_credentials)
$("#capture_passwords_checkbox").prop("checked", page.capture_passwords)
$("#redirect_url_input").val(page.redirect_url)
if (page.capture_credentials) {
$("#capture_passwords").show()
$("#after-submit").show()
$("#redirect_url").show()
if (page.redirect_mode == "html"){
$("#redirect_html_radio").prop("checked", true)
$("#redirect_html").show()
$("#redirect_url").hide()
}
}
} else {
$("#modalLabel").text("New Landing Page")
Expand All @@ -134,9 +149,26 @@ function copy(idx) {
save(-1)
})
$("#html_editor").ckeditor()
$("#redirect_html_editor").ckeditor()
var page = pages[idx]
$("#name").val("Copy of " + page.name)

$("#html_editor").val(page.html)
$("#redirect_html_editor").val(page.redirect_html)

$("#capture_credentials_checkbox").prop("checked", page.capture_credentials)
$("#capture_passwords_checkbox").prop("checked", page.capture_passwords)

if (page.capture_credentials) {
$("#capture_passwords").show()
$("#after-submit").show()
$("#redirect_url").show()
if (page.redirect_mode == "html"){
$("#redirect_html_radio").prop("checked", true)
$("#redirect_html").show()
$("#redirect_url").hide()
}
}
}

function load() {
Expand Down Expand Up @@ -237,7 +269,14 @@ $(document).ready(function () {
$("#capture_credentials_checkbox").change(function () {
$("#capture_passwords").toggle()
$("#redirect_url").toggle()
$("#after-submit").toggle()
})

$("input[name=redirect_choice]").change(function () {
$("#redirect_url").toggle()
$("#redirect_html").toggle()
})

CKEDITOR.on('dialogDefinition', function (ev) {
// Take the dialog name and its definition from the event data.
var dialogName = ev.data.name;
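Review bot: Panel visibility for the redirect options is driven by blind `.toggle()` calls rather than by the selected radio value, both in the new `redirect_choice` handler and in the `capture_credentials_checkbox` handler, which still toggles `#redirect_url` although that div now sits inside `#after-submit`. The `dismiss()` hunk clears `#redirect_html_editor` but, as far as the visible lines show, neither resets the radio to `url` nor hides `#redirect_html`, so the URL and HTML panels can end up both shown or swapped after an HTML-mode page has been edited. Deriving the state from the value avoids the drift: `var isHTML = $(this).val() == "html"; $("#redirect_html").toggle(isHTML); $("#redirect_url").toggle(!isHTML)`. `copy()` also restores the checkboxes and mode but not `#redirect_url_input`, so a copied page appears to lose its redirect URL.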
27 changes: 22 additions & 5 deletions templates/landing_pages.html
Expand Up @@ -76,11 +76,28 @@ <h4 class="modal-title" id="modalLabel">New Landing Page</h4>
Be careful with this!
</div>
</div>
<div id="redirect_url">
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
<div class="form-group">
<input id="redirect_url_input" class="form-control" placeholder="http://example.com" />
<div id="after-submit" style="display: none">
<input type="radio" name="redirect_choice" id="redirect_url_radio" value="url" checked>
<label for="redirect_url_radio">Redirect to URL</label><br>
<input type="radio" name="redirect_choice" id="redirect_html_radio" value="html">
<label for="redirect_html_radio">Redirect to HTML</label>
<div id="redirect_url">
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
<div class="form-group">
<input id="redirect_url_input" class="form-control" placeholder="http://example.com" />
</div>
</div>
<div id="redirect_html" style="display:none;">
<ul class="nav nav-tabs" role="tablist">
<li class="active" role="redirect_html_tab"><a href="#redirect_html_tab" aria-controls="redirect_html_tab" role="tab" data-toggle="tab">Redirect HTML</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="redirect_html_tab">
<textarea id="redirect_html_editor"></textarea>
</div>
</div>
</div>
</div>
</div>
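Review bot: `role="redirect_html_tab"` on the `<li>` is not an ARIA role; for a Bootstrap tab list item the usual value is `role="presentation"`, with the tab role staying on the anchor. The single-entry `nav-tabs` wrapper adds markup for a pane that can never be switched, so the textarea could sit directly inside `#redirect_html`. The radio label "Redirect to HTML" describes content that the handler writes in place rather than a redirect, so a label such as "Show HTML page" would match the behaviour.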
