Added initial functionality to allow arbitrary events

2020-08-07 20:51:25 +01:00 · 2020-08-07 20:51:25 +01:00 · c8abed4896
parent b684fb4ebd
commit c8abed4896
4 changed files with 1158 additions and 980 deletions
--- a/controllers/phish.go
+++ b/controllers/phish.go
@ -112,6 +112,7 @@ func (ps *PhishingServer) registerRoutes() {
 	router.PathPrefix("/static/").Handler(http.StripPrefix("/static/", fileServer))
 	router.HandleFunc("/track", ps.TrackHandler)
 	router.HandleFunc("/robots.txt", ps.RobotsHandler)
+	router.HandleFunc("/arbevent", ps.ArbitraryEventHandler)
 	router.HandleFunc("/{path:.*}/track", ps.TrackHandler)
 	router.HandleFunc("/{path:.*}/report", ps.ReportHandler)
 	router.HandleFunc("/report", ps.ReportHandler)
@ -126,6 +127,32 @@ func (ps *PhishingServer) registerRoutes() {
 	ps.server.Handler = phishHandler
 }

+// ArbitraryEventHandler deals with arbitrary events - for example opening Word documents, secondary links, etc
+func (ps *PhishingServer) ArbitraryEventHandler(w http.ResponseWriter, r *http.Request) {
+
+	r, err := setupContext(r)
+	if err != nil {
+		// Log the error if it wasn't something we can safely ignore
+		if err != ErrInvalidRequest && err != ErrCampaignComplete {
+			log.Error(err)
+		}
+		http.NotFound(w, r)
+		return
+	}
+
+	rs := ctx.Get(r, "result").(models.Result)
+	d := ctx.Get(r, "details").(models.EventDetails)
+
+	err = rs.HandleArbitraryEvent(d)
+	if err != nil {
+		log.Error(err)
+		w.Write([]byte(err.Error()))
+	} else {
+
+		w.Write([]byte("Event received"))
+	}
+}
+
 // TrackHandler tracks emails as they are opened, updating the status for the given Result
 func (ps *PhishingServer) TrackHandler(w http.ResponseWriter, r *http.Request) {
 	r, err := setupContext(r)
--- a/models/models.go
+++ b/models/models.go
@ -40,25 +40,26 @@ const InitialAdminPassword = "GOPHISH_INITIAL_ADMIN_PASSWORD"
 const InitialAdminApiToken = "GOPHISH_INITIAL_ADMIN_API_TOKEN"

 const (
-	CampaignInProgress string = "In progress"
-	CampaignQueued     string = "Queued"
-	CampaignCreated    string = "Created"
-	CampaignEmailsSent string = "Emails Sent"
-	CampaignComplete   string = "Completed"
-	EventSent          string = "Email Sent"
-	EventSendingError  string = "Error Sending Email"
-	EventOpened        string = "Email Opened"
-	EventClicked       string = "Clicked Link"
-	EventDataSubmit    string = "Submitted Data"
-	EventReported      string = "Email Reported"
-	EventProxyRequest  string = "Proxied request"
-	StatusSuccess      string = "Success"
-	StatusQueued       string = "Queued"
-	StatusSending      string = "Sending"
-	StatusUnknown      string = "Unknown"
-	StatusScheduled    string = "Scheduled"
-	StatusRetry        string = "Retrying"
-	Error              string = "Error"
+	CampaignInProgress  string = "In progress"
+	CampaignQueued      string = "Queued"
+	CampaignCreated     string = "Created"
+	CampaignEmailsSent  string = "Emails Sent"
+	CampaignComplete    string = "Completed"
+	EventSent           string = "Email Sent"
+	EventSendingError   string = "Error Sending Email"
+	EventOpened         string = "Email Opened"
+	EventClicked        string = "Clicked Link"
+	EventDataSubmit     string = "Submitted Data"
+	EventReported       string = "Email Reported"
+	EventArbitraryEvent string = "Arbitrary Event"
+	EventProxyRequest   string = "Proxied request"
+	StatusSuccess       string = "Success"
+	StatusQueued        string = "Queued"
+	StatusSending       string = "Sending"
+	StatusUnknown       string = "Unknown"
+	StatusScheduled     string = "Scheduled"
+	StatusRetry         string = "Retrying"
+	Error               string = "Error"
 )

 // Flash is used to hold flash information for use in templates.
--- a/models/result.go
+++ b/models/result.go
@ -3,6 +3,7 @@ package models
 import (
 	"crypto/rand"
 	"encoding/json"
+	"errors"
 	"math/big"
 	"net"
 	"time"
@ -135,6 +136,24 @@ func (r *Result) HandleFormSubmit(details EventDetails) error {
 	return db.Save(r).Error
 }

+// HandleArbitraryEvent updates a Result with an arbitrary event (e.g Word document opened, secondary link clicked)
+func (r *Result) HandleArbitraryEvent(details EventDetails) error {
+
+	EventTitle := details.Payload.Get("title")
+
+	if EventTitle == "" {
+		return errors.New("No title supplied for arbitrary event")
+	}
+
+	event, err := r.createEvent(EventArbitraryEvent, details)
+	if err != nil {
+		return err
+	}
+	r.Status = EventTitle
+	r.ModifiedDate = event.Time
+	return db.Save(r).Error
+}
+
 // HandleEmailReport updates a Result in the case where they report a simulated
 // phishing email using the HTTP handler.
 func (r *Result) HandleEmailReport(details EventDetails) error {
--- a/static/js/src/app/campaign_results.js
+++ b/static/js/src/app/campaign_results.js