From 52b9eda3b2462c03bc7d8774618b80df7eb8ec50 Mon Sep 17 00:00:00 2001
From: Jordan Wright
Date: Fri, 18 Mar 2016 20:19:13 -0500
Subject: [PATCH] Added support for redirect URL's after creds are submitted. Fixes #210
---
 controllers/route.go | 5 +++++
 .../20160317214457_0.2_redirect_url.sql | 8 +++++++
 models/models_test.go | 8 +++++--
 models/page.go | 1 +
 static/css/main.css | 3 +++
 static/js/app/landing_pages.js | 22 ++++++++++++-------
 templates/landing_pages.html | 6 +++++
 7 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 db/migrations/20160317214457_0.2_redirect_url.sql
diff --git a/controllers/route.go b/controllers/route.go
index 1e90d795..e95f63ed 100644
--- a/controllers/route.go
+++ b/controllers/route.go
@@ -190,6 +190,11 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
 if err != nil {
 Logger.Println(err)
 }
+ // Redirect to the desired page
+ if p.RedirectURL != "" {
+ http.Redirect(w, r, p.RedirectURL, 302)
+ return
+ }
 }
 w.Write([]byte(p.HTML))
 }
diff --git a/db/migrations/20160317214457_0.2_redirect_url.sql b/db/migrations/20160317214457_0.2_redirect_url.sql
new file mode 100644
index 00000000..cc016569
--- /dev/null
+++ b/db/migrations/20160317214457_0.2_redirect_url.sql
@@ -0,0 +1,8 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+ALTER TABLE pages ADD COLUMN redirect_url VARCHAR(255);
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
diff --git a/models/models_test.go b/models/models_test.go
index 5655634c..9ab58d92 100644
--- a/models/models_test.go
+++ b/models/models_test.go
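Review bot: `p.RedirectURL` is handed to `http.Redirect` in the added block of controllers/route.go exactly as it was stored, and nothing visible in this patch checks that it is an absolute http(s) URL. net/http treats a value without a scheme (for example `example.com/thanks`, a constructed sample) as a path relative to the current request, so the visitor would be sent to a path on the landing server itself rather than the intended site, while a value with any other scheme is written to the Location header unchanged. I would parse the value with `url.Parse` when the page is saved and reject anything whose scheme is not `http` or `https` or whose host is empty, so a bad value is caught in the admin UI instead of at redirect time. The status is also clearer as a named constant: `http.Redirect(w, r, p.RedirectURL, http.StatusFound)`. PhishHandler starts and ends outside the hunk.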
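Review bot: The `-- +goose Down` section of the new migration is empty, so rolling it back leaves `redirect_url` on `pages` while the recorded schema version moves back. If the column cannot be dropped on every supported database, state that in the Down section, e.g. `-- redirect_url is intentionally left in place on rollback`; otherwise add `ALTER TABLE pages DROP COLUMN redirect_url;`. `VARCHAR(255)` also caps the stored URL on databases that enforce the length, and none of the visible hunks limits the input to match.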
@@ -106,14 +106,16 @@ func (s *ModelsSuite) TestPostPage(c *check.C) { ` p := Page{ - Name: "Test Page", - HTML: html, + Name: "Test Page", + HTML: html, + RedirectURL: "http://example.com", } // Check the capturing credentials and passwords p.CaptureCredentials = true p.CapturePasswords = true err := PostPage(&p) c.Assert(err, check.Equals, nil) + c.Assert(p.RedirectURL, check.Equals, "http://example.com") d, err := goquery.NewDocumentFromReader(strings.NewReader(p.HTML)) c.Assert(err, check.Equals, nil) forms := d.Find("form") @@ -132,8 +134,10 @@ func (s *ModelsSuite) TestPostPage(c *check.C) { // Check what happens when we don't capture passwords p.CapturePasswords = false p.HTML = html + p.RedirectURL = "" err = PutPage(&p) c.Assert(err, check.Equals, nil) + c.Assert(p.RedirectURL, check.Equals, "") d, err = goquery.NewDocumentFromReader(strings.NewReader(p.HTML)) c.Assert(err, check.Equals, nil) forms = d.Find("form") diff --git a/models/page.go b/models/page.go index 0132aacc..29ee4c3b 100644 --- a/models/page.go +++ b/models/page.go @@ -16,6 +16,7 @@ type Page struct { HTML string `json:"html" gorm:"column:html"` CaptureCredentials bool `json:"capture_credentials" gorm:"column:capture_credentials"` CapturePasswords bool `json:"capture_passwords" gorm:"column:capture_passwords"` + RedirectURL string `json:"redirect_url" gorm:"column:redirect_url"` ModifiedDate time.Time `json:"modified_date"` } diff --git a/static/css/main.css b/static/css/main.css index 675ee319..f14866d8 100644 --- a/static/css/main.css +++ b/static/css/main.css @@ -505,6 +505,9 @@ td.details-control{ #capture_passwords { display:none; } +#redirect_url { + display:none; +} @media (max-width: 767px) { .navbar-header { margin-left:10px !important; diff --git a/static/js/app/landing_pages.js b/static/js/app/landing_pages.js index a55334da..7a94399d 100644 --- a/static/js/app/landing_pages.js +++ b/static/js/app/landing_pages.js 
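Review bot: Both new assertions in models/models_test.go read `p.RedirectURL` from the same struct that was just passed to `PostPage` / `PutPage`, so they would pass even if the value were never written to the database. Reload the page from the database after each call and assert on the reloaded value; that way the test actually covers the new `redirect_url` column and the gorm tag added in models/page.go. This applies to `c.Assert(p.RedirectURL, check.Equals, "http://example.com")` in the first hunk and to `c.Assert(p.RedirectURL, check.Equals, "")` in the second (`@@ -132,8 +134,10 @@`). TestPostPage starts and ends outside both hunks.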
@@ -13,6 +13,7 @@ function save(idx) { page.html = editor.getData() page.capture_credentials = $("#capture_credentials_checkbox").prop("checked") page.capture_passwords = $("#capture_passwords_checkbox").prop("checked") + page.redirect_url = $("#redirect_url_input").val() if (idx != -1) { page.id = pages[idx].id api.pageId.put(page) @@ -40,8 +41,10 @@ function dismiss() { $("#name").val("") $("#html_editor").val("") $("#url").val("") + $("#redirect_url_input").val("") $("#modal").find("input[type='checkbox']").prop("checked", false) $("#capture_passwords").hide() + $("#redirect_url").hide() $("#modal").modal('hide') } @@ -85,11 +88,13 @@ function edit(idx) { page = pages[idx] $("#name").val(page.name) $("#html_editor").val(page.html) - $("#capture_credentials_checkbox").prop("checked", page.capture_credentials) - $("#capture_passwords_checkbox").prop("checked", page.capture_passwords) - if (page.capture_credentials){ - $("#capture_passwords").show() - } + $("#capture_credentials_checkbox").prop("checked", page.capture_credentials) + $("#capture_passwords_checkbox").prop("checked", page.capture_passwords) + $("#redirect_url_input").val(page.redirect_url) + if (page.capture_credentials) { + $("#capture_passwords").show() + $("#redirect_url").show() + } } } @@ -189,10 +194,11 @@ $(document).ready(function() { }, this)); }; $('#modal').on('hidden.bs.modal', function(event) { - dismiss() + dismiss() }); - $("#capture_credentials_checkbox").change(function(){ - $("#capture_passwords").toggle() + $("#capture_credentials_checkbox").change(function() { + $("#capture_passwords").toggle() + $("#redirect_url").toggle() }) load() }) diff --git a/templates/landing_pages.html b/templates/landing_pages.html index bb6e1a82..725bac3c 100644 --- a/templates/landing_pages.html +++ b/templates/landing_pages.html @@ -96,6 +96,12 @@ Warning: Credentials are currently not encrypted. This means that captured passwords are stored in the database as cleartext. Be careful with this! +
+ +
+ +
+