Commit Graph

18 Commits (0620671de60271265cf6e6131c47e8114aff8660)

Author SHA1 Message Date
Jordan Wright 79e680e675 Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689.
I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2.

Output before change:

```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
```

Output after change:

```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
```
2019-12-11 19:52:41 -06:00
Glenn Wilkinson 28252bcb56 Will exit on port binding failure (#1635) 2019-10-28 21:38:59 -05:00
Jordan Wright f95e9554c7
Add CORS support for Reporting Handler (#1529)
* Added response headers for CORS and server identification (#1517)

Co-Authored-By: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-08-03 20:55:25 -05:00
Jordan Wright 1e0a78db30
Refactoring API into separate package for easier management. (#1411) 2019-03-26 22:17:20 -05:00
Jordan Wright 8d32bc2fab Fixed phishing server log output. Fixes #1345 2019-02-19 21:40:26 -06:00
Jordan Wright a73ac4ab7c Fixed various minor linting issues 2018-12-15 21:38:51 -06:00
Jordan Wright 47f0049c30
Refactor servers (#1321)
* Refactoring servers to support custom workers and graceful shutdown.
* Refactoring workers to support custom mailers.
* Refactoring mailer to be an interface, with proper instances instead of a single global instance
* Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition.
* Cleaning up API middleware to be simpler
* Moving template parameters to separate struct
* Changed LoadConfig to return config object
* Cleaned up some error handling, removing uninitialized global error in models package
* Changed static file serving to use the unindexed package
2018-12-15 15:42:32 -06:00
Jordan Wright 326649b177 Updating redirect URL to support template values. Fixes #1235 2018-10-15 16:42:05 -05:00
Jordan Wright 9f334281ab Added X-Mailer and X-Gophish-Contact headers (Ref: #1057) 2018-06-18 21:37:59 -05:00
Jordan Wright 1efb71d1e9 Added transparency handler to return information JSON when a "+" is appended to a valid result ID (ref #1057) 2018-06-09 20:58:05 -05:00
Jordan Wright ebb6cd61b2 Implemented the ability to preview landing pages when sending a test email. 2018-06-08 21:20:52 -05:00
Jordan Wright 420410b52c Refactored result updating to be in result.go.
Added the modified_date field to results so it's easy to keep track of the last results that were modified without having to parse every event. Updated the tests to reflect the changes.
2018-05-26 21:26:34 -05:00
Jordan Wright f7dee1e938 Removed directory listing of static assets. Fixes #1077. Fixes #815 2018-05-23 23:03:48 -05:00
Jordan Wright 5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-03 19:07:41 -05:00
Jordan Wright eb2f0e38c7
Better handling of template errors when rendering the phishing page. Fixes #1008. 2018-03-22 21:29:07 -05:00
Jordan Wright f21536da7c
Adding "Report Email" Support (#1014)
Adds the capability to report phishing campaigns using an email client extension.

**Note: Gophish does not currently provide an email client extension out of the box. This is simply a mechanism to let existing email client add-ons send report status information to Gophish, and have that information reflected in the dashboard.**
2018-03-18 22:03:00 -05:00
Jordan Wright c9ff8714a0
Moved rid parameter to a separate constant. Fixes #911 2018-02-22 23:02:27 -06:00
Jordan Wright e42302ebf9 Moved phishing handlers into separate file and added a ton of tests. 2017-06-08 23:41:38 -05:00