mirror of https://github.com/gophish/gophish
Merge pull request #146 from gophish/77-fix-tls-issues
Adding support for self-signed certs. Fixes #77pull/147/head
commit
0a7bfcf664
|
@ -0,0 +1,8 @@
|
|||
|
||||
-- +goose Up
|
||||
-- SQL in section 'Up' is executed when this migration is applied
|
||||
ALTER TABLE smtp ADD COLUMN ignore_cert_errors BOOLEAN;
|
||||
|
||||
-- +goose Down
|
||||
-- SQL section 'Down' is executed when this migration is rolled back
|
||||
|
|
@ -10,6 +10,7 @@ type SMTP struct {
|
|||
Username string `json:"username,omitempty"`
|
||||
Password string `json:"password,omitempty" sql:"-"`
|
||||
FromAddress string `json:"from_address"`
|
||||
IgnoreCertErrors bool `json:"ignore_cert_errors"`
|
||||
}
|
||||
|
||||
// ErrFromAddressNotSpecified is thrown when there is no "From" address
|
||||
|
|
|
@ -374,6 +374,9 @@ table.dataTable thead .sorting_desc:after {
|
|||
content: "\f0dd" !important;
|
||||
opacity: .8 !important;
|
||||
}
|
||||
td.details-control{
|
||||
cursor:pointer;
|
||||
}
|
||||
.timeline{
|
||||
text-align:left;
|
||||
background-color:#ffffff;
|
||||
|
@ -445,6 +448,10 @@ table.dataTable thead .sorting_desc:after {
|
|||
margin-top: 10px;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
.timeline-event-table{
|
||||
.timeline-event-results{
|
||||
font-size:16px;
|
||||
display:none;
|
||||
}
|
||||
.tooltip-inner {
|
||||
width:300px !important;
|
||||
}
|
||||
|
|
|
@ -139,10 +139,11 @@ function renderTimeline(data) {
|
|||
' <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
|
||||
if (event.details) {
|
||||
results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'
|
||||
results += '<div class="timeline-event-table">'
|
||||
details = JSON.parse(event.details)
|
||||
if (details.payload) {
|
||||
results += '<div class="timeline-event-results">'
|
||||
results += ' <table class="table table-condensed table-bordered table-striped">'
|
||||
results += ' <thead><tr><th>Parameter</th><th>Value(s)</tr></thead><tbody>'
|
||||
details = JSON.parse(event.details)
|
||||
$.each(Object.keys(details.payload), function(i, param) {
|
||||
if (param == "rid") {
|
||||
return true;
|
||||
|
@ -155,6 +156,12 @@ function renderTimeline(data) {
|
|||
results += ' </tbody></table>'
|
||||
results += '</div>'
|
||||
}
|
||||
if (details.error) {
|
||||
results += '<div class="timeline-event-results">'
|
||||
results += '<span class="label label-default">Error</span> ' + details.error
|
||||
results += '</div>'
|
||||
}
|
||||
}
|
||||
results += '</div></div>'
|
||||
}
|
||||
})
|
||||
|
@ -174,15 +181,15 @@ $(document).ready(function() {
|
|||
// Setup viewing the details of a result
|
||||
$("#resultsTable").on("click", ".timeline-event-details", function() {
|
||||
// Show the parameters
|
||||
payloadTable = $(this).parent().find(".timeline-event-table")
|
||||
if (payloadTable.is(":visible")) {
|
||||
payloadResults = $(this).parent().find(".timeline-event-results")
|
||||
if (payloadResults.is(":visible")) {
|
||||
$(this).find("i").removeClass("fa-caret-down")
|
||||
$(this).find("i").addClass("fa-caret-right")
|
||||
payloadTable.hide()
|
||||
payloadResults.hide()
|
||||
} else {
|
||||
$(this).find("i").removeClass("fa-caret-right")
|
||||
$(this).find("i").addClass("fa-caret-down")
|
||||
payloadTable.show()
|
||||
payloadResults.show()
|
||||
}
|
||||
})
|
||||
// Setup our graphs
|
||||
|
|
|
@ -35,6 +35,7 @@ function launch() {
|
|||
host: $("input[name=host]").val(),
|
||||
username: $("input[name=username]").val(),
|
||||
password: $("input[name=password]").val(),
|
||||
ignore_cert_errors: $("#ignore_cert_errors").prop("checked")
|
||||
},
|
||||
groups: groups
|
||||
}
|
||||
|
@ -73,6 +74,7 @@ function sendTestEmail() {
|
|||
host: $("input[name=host]").val(),
|
||||
username: $("input[name=username]").val(),
|
||||
password: $("input[name=password]").val(),
|
||||
ignore_cert_errors: $("#ignore_cert_errors").prop("checked")
|
||||
}
|
||||
}
|
||||
btnHtml = $("#sendTestModalSubmit").html()
|
||||
|
|
|
@ -96,7 +96,10 @@
|
|||
<br />
|
||||
<label class="control-label" for="smtp_server">Password:</label>
|
||||
<input type="password" class="form-control" placeholder="Password" value="" name="password">
|
||||
<br />
|
||||
<div class="checkbox checkbox-primary">
|
||||
<input id="ignore_cert_errors" type="checkbox" checked>
|
||||
<label for="ignore_cert_errors">Ignore Certificate Errors <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)"></i></label>
|
||||
</div>
|
||||
<button type="button" data-toggle="modal" data-target="#sendTestEmailModal" class="btn btn-primary"><i class="fa fa-envelope"></i> Send Test Email</button>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -8,8 +8,8 @@ import (
|
|||
"net/http"
|
||||
"net/mail"
|
||||
|
||||
"github.com/jordan-wright/email"
|
||||
"github.com/gophish/gophish/models"
|
||||
"github.com/jordan-wright/email"
|
||||
)
|
||||
|
||||
// ParseMail takes in an HTTP Request and returns an Email object
|
||||
|
|
|
@ -2,6 +2,8 @@ package worker
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"log"
|
||||
"net/mail"
|
||||
|
@ -52,6 +54,10 @@ func processCampaign(c *models.Campaign) {
|
|||
if c.SMTP.Username != "" && c.SMTP.Password != "" {
|
||||
auth = smtp.PlainAuth("", c.SMTP.Username, c.SMTP.Password, strings.Split(c.SMTP.Host, ":")[0])
|
||||
}
|
||||
tc := &tls.Config{
|
||||
ServerName: c.SMTP.Host,
|
||||
InsecureSkipVerify: c.SMTP.IgnoreCertErrors,
|
||||
}
|
||||
f, err := mail.ParseAddress(c.SMTP.FromAddress)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
|
@ -108,14 +114,23 @@ func processCampaign(c *models.Campaign) {
|
|||
Logger.Println("Creating email using template")
|
||||
e.To = []string{t.Email}
|
||||
Logger.Printf("Sending Email to %s\n", t.Email)
|
||||
err = e.Send(c.SMTP.Host, auth)
|
||||
err = e.SendWithTLS(c.SMTP.Host, auth, tc)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
es := struct {
|
||||
Error string `json:"error"`
|
||||
}{
|
||||
Error: err.Error(),
|
||||
}
|
||||
ej, err := json.Marshal(es)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
}
|
||||
err = t.UpdateStatus(models.ERROR)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
}
|
||||
err = c.AddEvent(models.Event{Email: t.Email, Message: models.EVENT_SENDING_ERROR})
|
||||
err = c.AddEvent(models.Event{Email: t.Email, Message: models.EVENT_SENDING_ERROR, Details: string(ej)})
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
}
|
||||
|
@ -145,6 +160,10 @@ func SendTestEmail(s *models.SendTestEmailRequest) error {
|
|||
if s.SMTP.Username != "" && s.SMTP.Password != "" {
|
||||
auth = smtp.PlainAuth("", s.SMTP.Username, s.SMTP.Password, strings.Split(s.SMTP.Host, ":")[0])
|
||||
}
|
||||
t := &tls.Config{
|
||||
ServerName: s.SMTP.Host,
|
||||
InsecureSkipVerify: s.SMTP.IgnoreCertErrors,
|
||||
}
|
||||
f, err := mail.ParseAddress(s.SMTP.FromAddress)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
|
@ -188,7 +207,7 @@ func SendTestEmail(s *models.SendTestEmailRequest) error {
|
|||
e.Subject = string(subjBuff.Bytes())
|
||||
e.To = []string{s.Email}
|
||||
Logger.Printf("Sending Email to %s\n", s.Email)
|
||||
err = e.Send(s.SMTP.Host, auth)
|
||||
err = e.SendWithTLS(s.SMTP.Host, auth, t)
|
||||
if err != nil {
|
||||
Logger.Println(err)
|
||||
// For now, let's split the error and return
|
||||
|
|
Loading…
Reference in New Issue