Added support for redirect URL's after creds are submitted. Fixes #210

pull/233/head
Jordan Wright 2016-03-18 20:19:13 -05:00
parent 9051ee7656
commit 52b9eda3b2
7 changed files with 43 additions and 10 deletions

View File

@ -190,6 +190,11 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
if err != nil {
Logger.Println(err)
}
// Redirect to the desired page
if p.RedirectURL != "" {
http.Redirect(w, r, p.RedirectURL, 302)
return
}
}
w.Write([]byte(p.HTML))
}

View File

@ -0,0 +1,8 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE pages ADD COLUMN redirect_url VARCHAR(255);
-- +goose Down
-- SQL section 'Down' is executed when this migration is rolled back

View File

@ -106,14 +106,16 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
</form></body>
</html>`
p := Page{
Name: "Test Page",
HTML: html,
Name: "Test Page",
HTML: html,
RedirectURL: "http://example.com",
}
// Check the capturing credentials and passwords
p.CaptureCredentials = true
p.CapturePasswords = true
err := PostPage(&p)
c.Assert(err, check.Equals, nil)
c.Assert(p.RedirectURL, check.Equals, "http://example.com")
d, err := goquery.NewDocumentFromReader(strings.NewReader(p.HTML))
c.Assert(err, check.Equals, nil)
forms := d.Find("form")
@ -132,8 +134,10 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
// Check what happens when we don't capture passwords
p.CapturePasswords = false
p.HTML = html
p.RedirectURL = ""
err = PutPage(&p)
c.Assert(err, check.Equals, nil)
c.Assert(p.RedirectURL, check.Equals, "")
d, err = goquery.NewDocumentFromReader(strings.NewReader(p.HTML))
c.Assert(err, check.Equals, nil)
forms = d.Find("form")

View File

@ -16,6 +16,7 @@ type Page struct {
HTML string `json:"html" gorm:"column:html"`
CaptureCredentials bool `json:"capture_credentials" gorm:"column:capture_credentials"`
CapturePasswords bool `json:"capture_passwords" gorm:"column:capture_passwords"`
RedirectURL string `json:"redirect_url" gorm:"column:redirect_url"`
ModifiedDate time.Time `json:"modified_date"`
}

3
static/css/main.css vendored
View File

@ -505,6 +505,9 @@ td.details-control{
#capture_passwords {
display:none;
}
#redirect_url {
display:none;
}
@media (max-width: 767px) {
.navbar-header {
margin-left:10px !important;

View File

@ -13,6 +13,7 @@ function save(idx) {
page.html = editor.getData()
page.capture_credentials = $("#capture_credentials_checkbox").prop("checked")
page.capture_passwords = $("#capture_passwords_checkbox").prop("checked")
page.redirect_url = $("#redirect_url_input").val()
if (idx != -1) {
page.id = pages[idx].id
api.pageId.put(page)
@ -40,8 +41,10 @@ function dismiss() {
$("#name").val("")
$("#html_editor").val("")
$("#url").val("")
$("#redirect_url_input").val("")
$("#modal").find("input[type='checkbox']").prop("checked", false)
$("#capture_passwords").hide()
$("#redirect_url").hide()
$("#modal").modal('hide')
}
@ -85,11 +88,13 @@ function edit(idx) {
page = pages[idx]
$("#name").val(page.name)
$("#html_editor").val(page.html)
$("#capture_credentials_checkbox").prop("checked", page.capture_credentials)
$("#capture_passwords_checkbox").prop("checked", page.capture_passwords)
if (page.capture_credentials){
$("#capture_passwords").show()
}
$("#capture_credentials_checkbox").prop("checked", page.capture_credentials)
$("#capture_passwords_checkbox").prop("checked", page.capture_passwords)
$("#redirect_url_input").val(page.redirect_url)
if (page.capture_credentials) {
$("#capture_passwords").show()
$("#redirect_url").show()
}
}
}
@ -189,10 +194,11 @@ $(document).ready(function() {
}, this));
};
$('#modal').on('hidden.bs.modal', function(event) {
dismiss()
dismiss()
});
$("#capture_credentials_checkbox").change(function(){
$("#capture_passwords").toggle()
$("#capture_credentials_checkbox").change(function() {
$("#capture_passwords").toggle()
$("#redirect_url").toggle()
})
load()
})

View File

@ -96,6 +96,12 @@
<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not encrypted</b>. This means that captured passwords are stored in the database as cleartext. Be careful with this!
</div>
</div>
<div id="redirect_url">
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
<div class="form-group">
<input id="redirect_url_input" class="form-control" placeholder="http://example.com"/>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default" onclick="dismiss()">Cancel</button>