Now capturing IP and User Agent information in event logs. Fixes #280

pull/260/head
Jordan Wright 2016-08-08 18:28:19 -05:00
parent 672e095368
commit ac62f33e80
2 changed files with 31 additions and 14 deletions

View File

@ -179,27 +179,44 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
Logger.Println(err) Logger.Println(err)
} }
switch {
case r.Method == "GET":
err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
if err != nil {
Logger.Println(err)
}
case r.Method == "POST":
// If data was POST'ed, let's record it
// Store the data in an event
d := struct { d := struct {
Payload url.Values `json:"payload"` Payload url.Values `json:"payload"`
Browser map[string]string `json:"browser"` Browser map[string]string `json:"browser"`
}{ }{
Payload: r.Form, Payload: r.Form,
Browser: make(map[string]string),
} }
ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
Logger.Println(err)
return
}
// Respect X-Forwarded headers
if fips := r.Header.Get("X-Forwarded-For"); fips != "" {
ip = strings.Split(fips, ", ")[0]
}
// Handle post processing such as GeoIP
err = rs.UpdateGeo(ip)
if err != nil {
Logger.Println(err)
}
d.Browser["address"] = ip
d.Browser["user-agent"] = r.Header.Get("User-Agent")
rj, err := json.Marshal(d) rj, err := json.Marshal(d)
if err != nil { if err != nil {
Logger.Println(err) Logger.Println(err)
http.NotFound(w, r) http.NotFound(w, r)
return return
} }
switch {
case r.Method == "GET":
err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED, Details: string(rj)})
if err != nil {
Logger.Println(err)
}
case r.Method == "POST":
// If data was POST'ed, let's record it
// Store the data in an event
c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)}) c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})
if err != nil { if err != nil {
Logger.Println(err) Logger.Println(err)

View File

@ -259,7 +259,7 @@ function renderTimeline(data) {
' <i class="fa ' + statuses[event.message].icon + '"></i></div>' + ' <i class="fa ' + statuses[event.message].icon + '"></i></div>' +
' <div class="timeline-message">' + escapeHtml(event.message) + ' <div class="timeline-message">' + escapeHtml(event.message) +
' <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>' ' <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
if (event.details) { if (event.details && event.message == "Submitted Data") {
results += '<div class="timeline-replay-button"><button onclick="replay(' + i + ')" class="btn btn-success">' results += '<div class="timeline-replay-button"><button onclick="replay(' + i + ')" class="btn btn-success">'
results += '<i class="fa fa-refresh"></i> Replay Credentials</button></div>' results += '<i class="fa fa-refresh"></i> Replay Credentials</button></div>'
results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>' results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'