Added in functionality to spoof the hostname, not the IP, of the GoPhish

server that is present in the email headers. Functionality is leveraged
 when using iptables based redirection through a redirector.
pull/1400/head
Ne0nd0g 2019-03-14 21:29:51 -04:00
parent 8b27d852d8
commit 9f5838e6e8
6 changed files with 20 additions and 6 deletions

View File

@ -10,6 +10,7 @@ CREATE TABLE `smtp`(
user_id bigint,
interface_type varchar(255),
name varchar(255),
spoofed_hostname varchar(255),
host varchar(255),
username varchar(255),
password varchar(255),

View File

@ -10,6 +10,7 @@ CREATE TABLE smtp(
user_id bigint,
interface_type varchar(255),
name varchar(255),
spoofed_hostname varchar(255),
host varchar(255),
username varchar(255),
password varchar(255),

View File

@ -34,6 +34,7 @@ type SMTP struct {
UserId int64 `json:"-" gorm:"column:user_id"`
Interface string `json:"interface_type" gorm:"column:interface_type"`
Name string `json:"name"`
SpoofedHostname string `json:"spoofed_hostname"`
Host string `json:"host"`
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
@ -113,12 +114,16 @@ func (s *SMTP) GetDialer() (mailer.Dialer, error) {
ServerName: s.Host,
InsecureSkipVerify: s.IgnoreCertErrors,
}
if s.SpoofedHostname == "" {
hostname, err := os.Hostname()
if err != nil {
log.Error(err)
hostname = "localhost"
}
d.LocalName = hostname
} else {
d.LocalName = s.SpoofedHostname
}
return &Dialer{d}, err
}

File diff suppressed because one or more lines are too long

View File

@ -18,6 +18,7 @@ function sendTestEmail() {
url: '',
smtp: {
from_address: $("#from").val(),
spoofed_hostname: $("#spoofed_hostname").val(),
host: $("#host").val(),
username: $("#username").val(),
password: $("#password").val(),
@ -55,6 +56,7 @@ function save(idx) {
profile.name = $("#name").val()
profile.interface_type = $("#interface_type").val()
profile.from_address = $("#from").val()
profile.spoofed_hostname = $("#spoofed_hostname").val()
profile.host = $("#host").val()
profile.username = $("#username").val()
profile.password = $("#password").val()
@ -90,6 +92,7 @@ function dismiss() {
$("#interface_type").val("SMTP")
$("#from").val("")
$("#host").val("")
$("#spoofed_hostname").val("")
$("#username").val("")
$("#password").val("")
$("#ignore_cert_errors").prop("checked", true)
@ -155,6 +158,7 @@ function edit(idx) {
$("#name").val(profile.name)
$("#interface_type").val(profile.interface_type)
$("#from").val(profile.from_address)
$("#spoofed_hostname").val(profile.spoofed_hostname)
$("#host").val(profile.host)
$("#username").val(profile.username)
$("#password").val(profile.password)
@ -174,6 +178,7 @@ function copy(idx) {
$("#name").val("Copy of " + profile.name)
$("#interface_type").val(profile.interface_type)
$("#from").val(profile.from_address)
$("#spoofed_hostname").val(profile.spoofed_hostname)
$("#host").val(profile.host)
$("#username").val(profile.username)
$("#password").val(profile.password)

View File

@ -52,6 +52,8 @@
<label class="control-label" for="from">From:</label>
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from"
required />
<label class="control-label" for="spoofed_hostname">Spoofed Hostname</label>
<input type="text" class="form-control" placeholder="Spoofed hostname found in SMTP recieved header" id="spoofed_hostname">
<label class="control-label" for="host">Host:</label>
<input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required />
<label class="control-label" for="username">Username:</label>