def _handle_page_visit_creds(self, session, visit_id): username, password = self.get_query_creds() if username is None: return cred_count = 0 query = session.query(db_models.Credential) query = query.filter_by(message_id=self.message_id, username=username, password=password) if query.count() == 0: cred = db_models.Credential(campaign_id=self.campaign_id, message_id=self.message_id, visit_id=visit_id) cred.username = username cred.password = password session.add(cred) campaign = db_manager.get_row_by_id(session, db_models.Campaign, self.campaign_id) cred_count = len(campaign.credentials) if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)): alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format( cred_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, self.campaign_id)) signals.safe_send('credentials-received', self.logger, self, username=username, password=password)
def _handle_page_visit_creds(self, campaign, visit_id): query_creds = self.get_query_creds() if query_creds.username is None: return cred_count = 0 cred = self._get_db_creds(query_creds) if cred is None: cred = db_models.Credential( campaign_id=campaign.id, message_id=self.message_id, visit_id=visit_id, **query_creds._asdict() ) cred.regex_validated = db_validation.validate_credential(cred, campaign) self._session.add(cred) self._session.commit() self.logger.debug("credential id: {0} created for message id: {1}".format(cred.id, cred.message_id)) campaign = db_manager.get_row_by_id(self._session, db_models.Campaign, self.campaign_id) cred_count = len(campaign.credentials) if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)): self.server.job_manager.job_run(self.issue_alert, (self.campaign_id, 'credentials', cred_count)) signals.send_safe('credentials-received', self.logger, self, username=query_creds.username, password=query_creds.password)
def _handle_page_visit_creds(self, session, visit_id): username = None for pname in ['username', 'user', 'u']: username = (self.get_query(pname) or self.get_query(pname.title()) or self.get_query(pname.upper())) if username: break if not username: return password = None for pname in ['password', 'pass', 'p']: password = (self.get_query(pname) or self.get_query(pname.title()) or self.get_query(pname.upper())) if password: break password = (password or '') cred_count = 0 query = session.query(db_models.Credential) query = query.filter_by(message_id=self.message_id, username=username, password=password) if query.count() == 0: cred = db_models.Credential(campaign_id=self.campaign_id, message_id=self.message_id, visit_id=visit_id) cred.username = username cred.password = password session.add(cred) campaign = db_manager.get_row_by_id(session, db_models.Campaign, self.campaign_id) cred_count = len(campaign.credentials) if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)): alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format( cred_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, self.campaign_id))
def handle_page_visit(self): if not self.message_id: return if self.message_id == self.config.get('server.secret_id'): return if not self.campaign_id: return self.logger.info( "handling a page visit for campaign id: {0} from IP address: {1}". format(self.campaign_id, self.client_address[0])) message_id = self.message_id campaign_id = self.campaign_id session = db_manager.Session() campaign = db_manager.get_row_by_id(session, db_models.Campaign, self.campaign_id) message = db_manager.get_row_by_id(session, db_models.Message, self.message_id) if message.opened == None and self.config.get_if_exists( 'server.set_message_opened_on_visit', True): message.opened = db_models.current_timestamp() set_new_visit = True if self.visit_id: set_new_visit = False visit_id = self.visit_id query = session.query(db_models.LandingPage) query = query.filter_by(campaign_id=self.campaign_id, hostname=self.vhost, page=self.request_path[1:]) if query.count(): visit = db_manager.get_row_by_id(session, db_models.Visit, visit_id) if visit.message_id == message_id: visit.visit_count += 1 else: set_new_visit = True if set_new_visit: visit_id = make_uid() kp_cookie_name = self.config.get('server.cookie_name') cookie = "{0}={1}; Path=/; HttpOnly".format( kp_cookie_name, visit_id) self.send_header('Set-Cookie', cookie) visit = db_models.Visit(id=visit_id, campaign_id=campaign_id, message_id=message_id) visit.visitor_ip = self.client_address[0] visit.visitor_details = self.headers.get('user-agent', '') session.add(visit) visit_count = len(campaign.visits) if visit_count > 0 and ((visit_count in [1, 10, 25]) or ((visit_count % 50) == 0)): alert_text = "{0} vists reached for campaign: {{campaign_name}}".format( visit_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, campaign_id)) username = None for pname in ['username', 'user', 'u']: username = (self.get_query_parameter(pname) or self.get_query_parameter(pname.title()) or self.get_query_parameter(pname.upper())) if username: break if username: password = None for pname in ['password', 'pass', 'p']: password = (self.get_query_parameter(pname) or self.get_query_parameter(pname.title()) or self.get_query_parameter(pname.upper())) if password: break password = (password or '') cred_count = 0 query = session.query(db_models.Credential) query = query.filter_by(message_id=message_id, username=username, password=password) if query.count() == 0: cred = db_models.Credential(campaign_id=campaign_id, message_id=message_id, visit_id=visit_id) cred.username = username cred.password = password session.add(cred) cred_count = len(campaign.credentials) if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)): alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format( cred_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, campaign_id)) trained = self.get_query_parameter('trained') if isinstance(trained, str) and trained.lower() in ['1', 'true', 'yes']: message.trained = True session.commit() session.close()