Now capturing IP and User Agent information in event logs. Fixes #280

2016-08-08 18:28:19 -05:00 · 2016-08-08 18:28:19 -05:00 · ac62f33e80
parent 672e095368
commit ac62f33e80
2 changed files with 31 additions and 14 deletions
--- a/controllers/route.go
+++ b/controllers/route.go
@ -179,27 +179,44 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		Logger.Println(err)
 	}
-	switch {
-	case r.Method == "GET":
-		err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED})
-		if err != nil {
-			Logger.Println(err)
-		}
-	case r.Method == "POST":
-		// If data was POST'ed, let's record it
-		// Store the data in an event
 	d := struct {
 		Payload url.Values        `json:"payload"`
 		Browser map[string]string `json:"browser"`
 	}{
 		Payload: r.Form,
+		Browser: make(map[string]string),
 	}
+	ip, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		Logger.Println(err)
+		return
+	}
+	// Respect X-Forwarded headers
+	if fips := r.Header.Get("X-Forwarded-For"); fips != "" {
+		ip = strings.Split(fips, ", ")[0]
+	}
+	// Handle post processing such as GeoIP
+	err = rs.UpdateGeo(ip)
+	if err != nil {
+		Logger.Println(err)
+	}
+	d.Browser["address"] = ip
+	d.Browser["user-agent"] = r.Header.Get("User-Agent")
 	rj, err := json.Marshal(d)
 	if err != nil {
 		Logger.Println(err)
 		http.NotFound(w, r)
 		return
 	}
+	switch {
+	case r.Method == "GET":
+		err = c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_CLICKED, Details: string(rj)})
+		if err != nil {
+			Logger.Println(err)
+		}
+	case r.Method == "POST":
+		// If data was POST'ed, let's record it
+		// Store the data in an event
 		c.AddEvent(models.Event{Email: rs.Email, Message: models.EVENT_DATA_SUBMIT, Details: string(rj)})
 		if err != nil {
 			Logger.Println(err)
--- a/static/js/app/campaign_results.js
+++ b/static/js/app/campaign_results.js
@ -259,7 +259,7 @@ function renderTimeline(data) {
                '    <i class="fa ' + statuses[event.message].icon + '"></i></div>' +
                '    <div class="timeline-message">' + escapeHtml(event.message) +
                '    <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
-            if (event.details) {
+            if (event.details && event.message == "Submitted Data") {
                results += '<div class="timeline-replay-button"><button onclick="replay(' + i + ')" class="btn btn-success">'
                results += '<i class="fa fa-refresh"></i> Replay Credentials</button></div>'
                results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'