2020-01-18 17:58:34 +00:00
|
|
|
package imap
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"crypto/tls"
|
|
|
|
"fmt"
|
2020-06-17 01:02:09 +00:00
|
|
|
"regexp"
|
2020-01-18 17:58:34 +00:00
|
|
|
"strconv"
|
|
|
|
"time"
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
"github.com/emersion/go-imap"
|
|
|
|
"github.com/emersion/go-imap/client"
|
|
|
|
"github.com/emersion/go-message/charset"
|
Implement SSRF Mitigations (#1940)
Initial commit of SSRF mitigations.
This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.
To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.
There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.
Finally, I had to make an update in the gomail package to support a custom net.Dialer.
2020-08-20 14:36:18 +00:00
|
|
|
"github.com/gophish/gophish/dialer"
|
2020-01-18 17:58:34 +00:00
|
|
|
log "github.com/gophish/gophish/logger"
|
|
|
|
"github.com/gophish/gophish/models"
|
2020-06-17 01:02:09 +00:00
|
|
|
|
2020-01-18 17:58:34 +00:00
|
|
|
"github.com/jordan-wright/email"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Client interface for IMAP interactions
|
|
|
|
type Client interface {
|
|
|
|
Login(username, password string) (cmd *imap.Command, err error)
|
|
|
|
Logout(timeout time.Duration) (cmd *imap.Command, err error)
|
2020-06-17 01:02:09 +00:00
|
|
|
Select(name string, readOnly bool) (mbox *imap.MailboxStatus, err error)
|
|
|
|
Store(seq *imap.SeqSet, item imap.StoreItem, value interface{}, ch chan *imap.Message) (err error)
|
|
|
|
Fetch(seqset *imap.SeqSet, items []imap.FetchItem, ch chan *imap.Message) (err error)
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// Email represents an email.Email with an included IMAP Sequence Number
|
2020-01-18 17:58:34 +00:00
|
|
|
type Email struct {
|
2020-06-17 01:02:09 +00:00
|
|
|
SeqNum uint32 `json:"seqnum"`
|
2020-01-18 17:58:34 +00:00
|
|
|
*email.Email
|
|
|
|
}
|
|
|
|
|
|
|
|
// Mailbox holds onto the credentials and other information
|
|
|
|
// needed for connecting to an IMAP server.
|
|
|
|
type Mailbox struct {
|
2020-08-08 20:03:42 +00:00
|
|
|
Host string
|
|
|
|
TLS bool
|
|
|
|
IgnoreCertErrors bool
|
|
|
|
User string
|
|
|
|
Pwd string
|
|
|
|
Folder string
|
2020-01-18 17:58:34 +00:00
|
|
|
// Read only mode, false (original logic) if not initialized
|
|
|
|
ReadOnly bool
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate validates supplied IMAP model by connecting to the server
|
|
|
|
func Validate(s *models.IMAP) error {
|
|
|
|
err := s.Validate()
|
|
|
|
if err != nil {
|
|
|
|
log.Error(err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
s.Host = s.Host + ":" + strconv.Itoa(int(s.Port)) // Append port
|
|
|
|
mailServer := Mailbox{
|
2020-08-08 20:03:42 +00:00
|
|
|
Host: s.Host,
|
|
|
|
TLS: s.TLS,
|
|
|
|
IgnoreCertErrors: s.IgnoreCertErrors,
|
|
|
|
User: s.Username,
|
|
|
|
Pwd: s.Password,
|
|
|
|
Folder: s.Folder}
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
imapClient, err := mailServer.newClient()
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Error(err.Error())
|
|
|
|
} else {
|
2020-06-17 01:02:09 +00:00
|
|
|
imapClient.Logout()
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// MarkAsUnread will set the UNSEEN flag on a supplied slice of SeqNums
|
|
|
|
func (mbox *Mailbox) MarkAsUnread(seqs []uint32) error {
|
|
|
|
imapClient, err := mbox.newClient()
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
defer imapClient.Logout()
|
|
|
|
|
|
|
|
seqSet := new(imap.SeqSet)
|
|
|
|
seqSet.AddNum(seqs...)
|
|
|
|
|
|
|
|
item := imap.FormatFlagsOp(imap.RemoveFlags, true)
|
|
|
|
err = imapClient.Store(seqSet, item, imap.SeenFlag, nil)
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
return nil
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
}
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// DeleteEmails will delete emails from the supplied slice of SeqNums
|
|
|
|
func (mbox *Mailbox) DeleteEmails(seqs []uint32) error {
|
|
|
|
imapClient, err := mbox.newClient()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
defer imapClient.Logout()
|
|
|
|
|
|
|
|
seqSet := new(imap.SeqSet)
|
|
|
|
seqSet.AddNum(seqs...)
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
item := imap.FormatFlagsOp(imap.AddFlags, true)
|
|
|
|
err = imapClient.Store(seqSet, item, imap.DeletedFlag, nil)
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
2020-06-17 01:02:09 +00:00
|
|
|
|
|
|
|
return nil
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// GetUnread will find all unread emails in the folder and return them as a list.
|
|
|
|
func (mbox *Mailbox) GetUnread(markAsRead, delete bool) ([]Email, error) {
|
|
|
|
imap.CharsetReader = charset.Reader
|
|
|
|
var emails []Email
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
imapClient, err := mbox.newClient()
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return emails, fmt.Errorf("failed to create IMAP connection: %s", err)
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
defer imapClient.Logout()
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// Search for unread emails
|
|
|
|
criteria := imap.NewSearchCriteria()
|
|
|
|
criteria.WithoutFlags = []string{imap.SeenFlag}
|
|
|
|
seqs, err := imapClient.Search(criteria)
|
|
|
|
if err != nil {
|
|
|
|
return emails, err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
if len(seqs) == 0 {
|
|
|
|
return emails, nil
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
seqset := new(imap.SeqSet)
|
|
|
|
seqset.AddNum(seqs...)
|
|
|
|
section := &imap.BodySectionName{}
|
|
|
|
items := []imap.FetchItem{imap.FetchEnvelope, imap.FetchFlags, imap.FetchInternalDate, section.FetchItem()}
|
|
|
|
messages := make(chan *imap.Message)
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
go func() {
|
|
|
|
if err := imapClient.Fetch(seqset, items, messages); err != nil {
|
|
|
|
log.Error("Error fetching emails: ", err.Error()) // TODO: How to handle this, need to propogate error out
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
2020-06-17 01:02:09 +00:00
|
|
|
}()
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// Step through each email
|
|
|
|
for msg := range messages {
|
|
|
|
// Extract raw message body. I can't find a better way to do this with the emersion library
|
|
|
|
var em *email.Email
|
|
|
|
var buf []byte
|
|
|
|
for _, value := range msg.Body {
|
|
|
|
buf = make([]byte, value.Len())
|
|
|
|
value.Read(buf)
|
|
|
|
break // There should only ever be one item in this map, but I'm not 100% sure
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
//Remove CR characters, see https://github.com/jordan-wright/email/issues/106
|
|
|
|
tmp := string(buf)
|
|
|
|
re := regexp.MustCompile(`\r`)
|
|
|
|
tmp = re.ReplaceAllString(tmp, "")
|
|
|
|
buf = []byte(tmp)
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
rawBodyStream := bytes.NewReader(buf)
|
|
|
|
em, err = email.NewEmailFromReader(rawBodyStream) // Parse with @jordanwright's library
|
|
|
|
if err != nil {
|
|
|
|
return emails, err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
emtmp := Email{Email: em, SeqNum: msg.SeqNum} // Not sure why msg.Uid is always 0, so swapped to sequence numbers
|
|
|
|
emails = append(emails, emtmp)
|
2020-01-18 17:58:34 +00:00
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
}
|
|
|
|
return emails, nil
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
// newClient will initiate a new IMAP connection with the given creds.
|
|
|
|
func (mbox *Mailbox) newClient() (*client.Client, error) {
|
|
|
|
var imapClient *client.Client
|
|
|
|
var err error
|
Implement SSRF Mitigations (#1940)
Initial commit of SSRF mitigations.
This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.
To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.
There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.
Finally, I had to make an update in the gomail package to support a custom net.Dialer.
2020-08-20 14:36:18 +00:00
|
|
|
restrictedDialer := dialer.Dialer()
|
2020-06-17 01:02:09 +00:00
|
|
|
if mbox.TLS {
|
2020-08-08 20:03:42 +00:00
|
|
|
config := new(tls.Config)
|
|
|
|
config.InsecureSkipVerify = mbox.IgnoreCertErrors
|
Implement SSRF Mitigations (#1940)
Initial commit of SSRF mitigations.
This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.
To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.
There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.
Finally, I had to make an update in the gomail package to support a custom net.Dialer.
2020-08-20 14:36:18 +00:00
|
|
|
imapClient, err = client.DialWithDialerTLS(restrictedDialer, mbox.Host, config)
|
2020-06-17 01:02:09 +00:00
|
|
|
} else {
|
Implement SSRF Mitigations (#1940)
Initial commit of SSRF mitigations.
This fixes #1908 by creating a *net.Dialer which restricts outbound connections to only allowed IP ranges. This implementation is based on the blog post at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
To keep things backwards compatible, by default we'll only block connections to 169.254.169.254, the link-local IP address commonly used in cloud environments to retrieve metadata about the running instance. For other internal addresses (e.g. localhost or RFC 1918 addresses), it's assumed that those are available to Gophish.
To support more secure environments, we introduce the `allowed_internal_hosts` configuration option where an admin can set one or more IP ranges in CIDR format. If addresses are specified here, then all internal connections will be blocked except to these hosts.
There are various bits about this approach I don't really like. For example, since various packages all need this functionality, I had to make the RestrictedDialer a global singleton rather than a dependency off of, say, the admin server. Additionally, since webhooks are implemented via a singleton, I had to introduce a new function, `SetTransport`.
Finally, I had to make an update in the gomail package to support a custom net.Dialer.
2020-08-20 14:36:18 +00:00
|
|
|
imapClient, err = client.DialWithDialer(restrictedDialer, mbox.Host)
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return imapClient, err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
err = imapClient.Login(mbox.User, mbox.Pwd)
|
2020-01-18 17:58:34 +00:00
|
|
|
if err != nil {
|
2020-06-17 01:02:09 +00:00
|
|
|
return imapClient, err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
2020-06-17 01:02:09 +00:00
|
|
|
|
|
|
|
_, err = imapClient.Select(mbox.Folder, mbox.ReadOnly)
|
|
|
|
if err != nil {
|
|
|
|
return imapClient, err
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|
|
|
|
|
2020-06-17 01:02:09 +00:00
|
|
|
return imapClient, nil
|
2020-01-18 17:58:34 +00:00
|
|
|
}
|