cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support Re-enabling CapturePasswords for Landing Pages (#1271) 

Fixed a bug when marking the capture password, saving and unmarking the capture password, the attribute does not comeback and the password will never be captured again for this template.
pull/1272/head
Jordan Wright 2018-11-11 12:34:26 -06:00 committed by GitHub
parent 69ffb70b35
commit 7fd0657a91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
models/page.go
View File

@ -46,6 +46,15 @@ func (p *Page) parseHTML() error {
input.RemoveAttr("name") input.RemoveAttr("name")
} }
}) })
} else {
// If the user chooses to re-enable the capture passwords setting,
// we need to re-add the name attribute
inputs := f.Find("input")
inputs.Each(func(j int, input *goquery.Selection) {
if t, _ := input.Attr("type"); strings.EqualFold(t, "password") {
input.SetAttr("name", "password")
}
})
} }
} else { } else {
// Otherwise, remove the name from all // Otherwise, remove the name from all

24
models/page_test.go
View File

@ -41,6 +41,7 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
c.Assert(ok, check.Equals, true) c.Assert(ok, check.Equals, true)
c.Assert(u, check.Equals, "username") c.Assert(u, check.Equals, "username")
}) })
// Check what happens when we don't capture passwords // Check what happens when we don't capture passwords
p.CapturePasswords = false p.CapturePasswords = false
p.HTML = html p.HTML = html
@ -55,7 +56,7 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
// Check the action has been set // Check the action has been set
a, _ := f.Attr("action") a, _ := f.Attr("action")
c.Assert(a, check.Equals, "") c.Assert(a, check.Equals, "")
// Check the password still has a name // Check the password name has been removed
_, ok := f.Find("input[type=\"password\"]").Attr("name") _, ok := f.Find("input[type=\"password\"]").Attr("name")
c.Assert(ok, check.Equals, false) c.Assert(ok, check.Equals, false)
// Check the username is still correct // Check the username is still correct
@ -63,7 +64,8 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
c.Assert(ok, check.Equals, true) c.Assert(ok, check.Equals, true)
c.Assert(u, check.Equals, "username") c.Assert(u, check.Equals, "username")
}) })
// Finally, check when we don't capture credentials
// Check when we don't capture credentials
p.CaptureCredentials = false p.CaptureCredentials = false
p.HTML = html p.HTML = html
err = PutPage(&p) err = PutPage(&p)
@ -75,13 +77,27 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
// Check the action has been set // Check the action has been set
a, _ := f.Attr("action") a, _ := f.Attr("action")
c.Assert(a, check.Equals, "") c.Assert(a, check.Equals, "")
// Check the password still has a name // Check the password name has been removed
_, ok := f.Find("input[type=\"password\"]").Attr("name") _, ok := f.Find("input[type=\"password\"]").Attr("name")
c.Assert(ok, check.Equals, false) c.Assert(ok, check.Equals, false)
// Check the username is still correct // Check the username name has been removed
_, ok = f.Find("input").Attr("name") _, ok = f.Find("input").Attr("name")
c.Assert(ok, check.Equals, false) c.Assert(ok, check.Equals, false)
}) })
// Finally, re-enable capturing passwords (ref: #1267)
p.CaptureCredentials = true
p.CapturePasswords = true
err = PutPage(&p)
c.Assert(err, check.Equals, nil)
d, err = goquery.NewDocumentFromReader(strings.NewReader(p.HTML))
c.Assert(err, check.Equals, nil)
forms = d.Find("form")
forms.Each(func(i int, f *goquery.Selection) {
// Check the password still has a name
_, ok := f.Find("input[type=\"password\"]").Attr("name")
c.Assert(ok, check.Equals, true)
})
} }
func (s *ModelsSuite) TestPageValidation(c *check.C) { func (s *ModelsSuite) TestPageValidation(c *check.C) {