Adding the ability to replay credentials from the campaign results page

controllers/api.go

@@ -560,6 +560,16 @@ func API_Import_Site(w http.ResponseWriter, r *http.Request) {
 	if d.Find("head base").Length() == 0 {
 		d.Find("head").PrependHtml(fmt.Sprintf("<base href=\"%s\">", cr.URL))
 	}
+	forms := d.Find("form")
+	forms.Each(func(i int, f *goquery.Selection) {
+		// We'll want to store where we got the form from
+		// (the current URL)
+		url := f.AttrOr("action", cr.URL)
+		if !strings.HasPrefix(url, "http") {
+			url = fmt.Sprintf("%s%s", cr.URL, url)
+		}
+		f.PrependHtml(fmt.Sprintf("<input type=\"hidden\" name=\"__original_url\" value=\"%s\"/>", url))
+	})
 	h, err := d.Html()
 	if err != nil {
 		JSONResponse(w, models.Response{Success: false, Message: err.Error()}, http.StatusInternalServerError)

static/css/main.css

@@ -485,6 +485,9 @@ td.details-control{
 	margin-top:5px;
 	cursor:pointer;
 }
+.timeline-replay-button {
+    margin-top:10px;
+}
 .timeline-event-details>.table-responsive{
 	display:none;
 }

static/js/app/campaign_results.js

@@ -185,6 +185,59 @@ function exportAsCSV(scope) {
     $("#exportButton").html(exportHTML)
 }
 
+function replay(event_idx) {
+    request = campaign.timeline[event_idx]
+    details = JSON.parse(request.details)
+    url = null
+    form = $('<form>').attr({
+            method: 'POST',
+            target: '_blank',
+        })
+        /* Create a form object and submit it */
+    $.each(Object.keys(details.payload), function(i, param) {
+            if (param == "rid") {
+                return true;
+            }
+            if (param == "__original_url") {
+                url = details.payload[param];
+                return true;
+            }
+            $('<input>').attr({
+                name: param,
+            }).val(details.payload[param]).appendTo(form);
+        })
+        /* Ensure we know where to send the user */
+        // Prompt for the URL
+    swal({
+        title: 'Where do you want the credentials submitted to?',
+        input: 'text',
+        showCancelButton: true,
+        inputPlaceholder: "http://example.com/login",
+        inputValue: url || "",
+        inputValidator: function(value) {
+            return new Promise(function(resolve, reject) {
+                if (value) {
+                    resolve();
+                } else {
+                    reject('Invalid URL.');
+                }
+            });
+        }
+    }).then(function(result) {
+        url = result
+        submitForm()
+    })
+    return
+    submitForm()
+
+    function submitForm() {
+        form.attr({
+            action: url
+        })
+        form.appendTo('body').submit().remove()
+    }
+}
+
 function renderTimeline(data) {
     record = {
         "first_name": data[2],
@@ -207,6 +260,8 @@ function renderTimeline(data) {
                 '    <div class="timeline-message">' + escapeHtml(event.message) +
                 '    <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
             if (event.details) {
+                results += '<div class="timeline-replay-button"><button onclick="replay(' + i + ')" class="btn btn-success">'
+                results += '<i class="fa fa-refresh"></i> Replay Credentials</button></div>'
                 results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'
                 details = JSON.parse(event.details)
                 if (details.payload) {