def on_session_after_flush(session, flush_context): for signal, session_attribute in _flush_signal_map: objs = collections.defaultdict(list) for obj in getattr(session, session_attribute): objs[obj.__tablename__].append(obj) for table, targets in objs.items(): signals.safe_send(signal, logger, table, targets=tuple(targets), session=session)
def send_response(self, code, message=None):
super(KingPhisherRequestHandler, self).send_response(code, message)
signals.safe_send('response-sent',
self.logger,
self,
code=code,
message=message)
def _handle_page_visit_creds(self, session, visit_id):
username, password = self.get_query_creds()
if username is None:
return
cred_count = 0
query = session.query(db_models.Credential)
query = query.filter_by(message_id=self.message_id,
username=username,
password=password)
if query.count() == 0:
cred = db_models.Credential(campaign_id=self.campaign_id,
message_id=self.message_id,
visit_id=visit_id)
cred.username = username
cred.password = password
session.add(cred)
campaign = db_manager.get_row_by_id(session, db_models.Campaign,
self.campaign_id)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or
((cred_count % 25) == 0)):
alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format(
cred_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, self.campaign_id))
signals.safe_send('credentials-received',
self.logger,
self,
username=username,
password=password)
def handle_email_opened(self, query):
# image size: 43 Bytes
img_data = '47494638396101000100800100000000ffffff21f90401000001002c00000000'
img_data += '010001000002024c01003b'
img_data = binascii.a2b_hex(img_data)
self.send_response(200)
self.send_header('Content-Type', 'image/gif')
self.send_header('Content-Length', str(len(img_data)))
self.end_headers()
self.wfile.write(img_data)
msg_id = self.get_query('id')
if not msg_id:
return
session = db_manager.Session()
query = session.query(db_models.Message)
query = query.filter_by(id=msg_id, opened=None)
message = query.first()
if message and not message.campaign.has_expired:
message.opened = db_models.current_timestamp()
message.opener_ip = self.get_client_ip()
message.opener_user_agent = self.headers.get('user-agent', None)
session.commit()
session.close()
signals.safe_send('email-opened', self.logger, self)
def handle_email_opened(self, query):
# image size: 43 Bytes
img_data = '47494638396101000100800100000000ffffff21f90401000001002c00000000'
img_data += '010001000002024c01003b'
img_data = binascii.a2b_hex(img_data)
self.send_response(200)
self.send_header('Content-Type', 'image/gif')
self.send_header('Content-Length', str(len(img_data)))
self.end_headers()
self.wfile.write(img_data)
msg_id = self.get_query('id')
if not msg_id:
return
session = db_manager.Session()
query = session.query(db_models.Message)
query = query.filter_by(id=msg_id, opened=None)
message = query.first()
if message and not message.campaign.has_expired:
message.opened = db_models.current_timestamp()
message.opener_ip = self.get_client_ip()
message.opener_user_agent = self.headers.get('user-agent', None)
session.commit()
session.close()
signals.safe_send('email-opened', self.logger, self)
def on_session_after_flush(session, flush_context): for signal, session_attribute in _flush_signal_map: objs = collections.defaultdict(list) for obj in getattr(session, session_attribute): objs[obj.__tablename__].append(obj) for table, targets in objs.items(): signals.safe_send(signal, logger, table, targets=tuple(targets), session=session)
def forward_signal_update(mapper, connection, target):
signals.safe_send('db-table-update',
logger,
target.__tablename__,
mapper=mapper,
connection=connection,
target=target)
def forward_signal_insert(mapper, connection, target):
signals.safe_send('db-table-insert',
logger,
target.__tablename__,
mapper=mapper,
connection=connection,
target=target)
def on_init(self):
self.config = self.server.config
regex_prefix = '^'
if self.config.get('server.vhost_directories'):
regex_prefix += r'[\w\.\-]+\/'
for path, handler in self.handler_map.items():
if path.startswith(rest_api.REST_API_BASE):
del self.handler_map[path]
self.handler_map[regex_prefix + path] = handler
self.handler_map[regex_prefix + 'kpdd$'] = self.handle_deaddrop_visit
self.handler_map[regex_prefix + 'kp\\.js$'] = self.handle_javascript_hook
tracking_image = self.config.get('server.tracking_image')
tracking_image = tracking_image.replace('.', '\\.')
self.handler_map[regex_prefix + tracking_image + '$'] = self.handle_email_opened
signals.safe_send('request-received', self.logger, self)
def on_init(self):
self.config = self.server.config
regex_prefix = '^'
if self.config.get('server.vhost_directories'):
regex_prefix += r'[\w\.\-]+\/'
for path, handler in self.handler_map.items():
if path.startswith(rest_api.REST_API_BASE):
del self.handler_map[path]
self.handler_map[regex_prefix + path] = handler
self.handler_map[regex_prefix + 'kpdd$'] = self.handle_deaddrop_visit
self.handler_map[regex_prefix + 'kp\\.js$'] = self.handle_javascript_hook
tracking_image = self.config.get('server.tracking_image')
tracking_image = tracking_image.replace('.', '\\.')
self.handler_map[regex_prefix + tracking_image + '$'] = self.handle_email_opened
signals.safe_send('request-received', self.logger, self)
def _handle_page_visit_creds(self, session, visit_id):
username, password = self.get_query_creds()
if username is None:
return
cred_count = 0
query = session.query(db_models.Credential)
query = query.filter_by(message_id=self.message_id, username=username, password=password)
if query.count() == 0:
cred = db_models.Credential(campaign_id=self.campaign_id, message_id=self.message_id, visit_id=visit_id)
cred.username = username
cred.password = password
session.add(cred)
campaign = db_manager.get_row_by_id(session, db_models.Campaign, self.campaign_id)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)):
alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format(cred_count)
self.server.job_manager.job_run(self.issue_alert, (alert_text, self.campaign_id))
signals.safe_send('credentials-received', self.logger, self, username=username, password=password)
def forward_signal_update(mapper, connection, target):
signals.safe_send('db-table-update', logger, target.__tablename__, mapper=mapper, connection=connection, target=target)
def forward_signal_insert(mapper, connection, target):
signals.safe_send('db-table-insert', logger, target.__tablename__, mapper=mapper, connection=connection, target=target)
def handle_page_visit(self):
if not self.message_id:
return
if self.message_id == self.config.get('server.secret_id'):
return
if not self.campaign_id:
return
client_ip = self.get_client_ip()
session = db_manager.Session()
campaign = db_manager.get_row_by_id(session, db_models.Campaign,
self.campaign_id)
if campaign.has_expired:
self.logger.info(
"ignoring page visit for expired campaign id: {0} from IP address: {1}"
.format(self.campaign_id, client_ip))
session.close()
return
self.logger.info(
"handling a page visit for campaign id: {0} from IP address: {1}".
format(self.campaign_id, client_ip))
message = db_manager.get_row_by_id(session, db_models.Message,
self.message_id)
if message.opened is None and self.config.get_if_exists(
'server.set_message_opened_on_visit', True):
message.opened = db_models.current_timestamp()
message.opener_ip = self.get_client_ip()
message.opener_user_agent = self.headers.get('user-agent', None)
set_new_visit = True
visit_id = None
if self.visit_id:
visit_id = self.visit_id
set_new_visit = False
query = session.query(db_models.LandingPage)
query = query.filter_by(campaign_id=self.campaign_id,
hostname=self.vhost,
page=self.request_path[1:])
if query.count():
visit = db_manager.get_row_by_id(session, db_models.Visit,
self.visit_id)
if visit.message_id == self.message_id:
visit.visit_count += 1
visit.last_visit = db_models.current_timestamp()
else:
set_new_visit = True
visit_id = None
if visit_id is None:
visit_id = make_uid()
if set_new_visit:
kp_cookie_name = self.config.get('server.cookie_name')
cookie = "{0}={1}; Path=/; HttpOnly".format(
kp_cookie_name, visit_id)
self.send_header('Set-Cookie', cookie)
visit = db_models.Visit(id=visit_id,
campaign_id=self.campaign_id,
message_id=self.message_id)
visit.visitor_ip = client_ip
visit.visitor_details = self.headers.get('user-agent', '')
session.add(visit)
visit_count = len(campaign.visits)
if visit_count > 0 and ((visit_count in (1, 10, 25)) or
((visit_count % 50) == 0)):
alert_text = "{0} visits reached for campaign: {{campaign_name}}".format(
visit_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, self.campaign_id))
signals.safe_send('visit-received', self.logger, self)
if visit_id is None:
self.logger.error('the visit id has not been set')
raise RuntimeError('the visit id has not been set')
self._handle_page_visit_creds(session, visit_id)
trained = self.get_query('trained')
if isinstance(trained,
str) and trained.lower() in ['1', 'true', 'yes']:
message.trained = True
session.commit()
session.close()
def handle_page_visit(self):
if not self.message_id:
return
if self.message_id == self.config.get('server.secret_id'):
return
if not self.campaign_id:
return
client_ip = self.get_client_ip()
session = db_manager.Session()
campaign = db_manager.get_row_by_id(session, db_models.Campaign, self.campaign_id)
if campaign.has_expired:
self.logger.info("ignoring page visit for expired campaign id: {0} from IP address: {1}".format(self.campaign_id, client_ip))
session.close()
return
self.logger.info("handling a page visit for campaign id: {0} from IP address: {1}".format(self.campaign_id, client_ip))
message = db_manager.get_row_by_id(session, db_models.Message, self.message_id)
if message.opened is None and self.config.get_if_exists('server.set_message_opened_on_visit', True):
message.opened = db_models.current_timestamp()
message.opener_ip = self.get_client_ip()
message.opener_user_agent = self.headers.get('user-agent', None)
set_new_visit = True
visit_id = None
if self.visit_id:
visit_id = self.visit_id
set_new_visit = False
query = session.query(db_models.LandingPage)
query = query.filter_by(campaign_id=self.campaign_id, hostname=self.vhost, page=self.request_path[1:])
if query.count():
visit = db_manager.get_row_by_id(session, db_models.Visit, self.visit_id)
if visit.message_id == self.message_id:
visit.visit_count += 1
visit.last_visit = db_models.current_timestamp()
else:
set_new_visit = True
visit_id = None
if visit_id is None:
visit_id = make_uid()
if set_new_visit:
kp_cookie_name = self.config.get('server.cookie_name')
cookie = "{0}={1}; Path=/; HttpOnly".format(kp_cookie_name, visit_id)
self.send_header('Set-Cookie', cookie)
visit = db_models.Visit(id=visit_id, campaign_id=self.campaign_id, message_id=self.message_id)
visit.visitor_ip = client_ip
visit.visitor_details = self.headers.get('user-agent', '')
session.add(visit)
visit_count = len(campaign.visits)
if visit_count > 0 and ((visit_count in (1, 10, 25)) or ((visit_count % 50) == 0)):
alert_text = "{0} visits reached for campaign: {{campaign_name}}".format(visit_count)
self.server.job_manager.job_run(self.issue_alert, (alert_text, self.campaign_id))
signals.safe_send('visit-received', self.logger, self)
if visit_id is None:
self.logger.error('the visit id has not been set')
raise RuntimeError('the visit id has not been set')
self._handle_page_visit_creds(session, visit_id)
trained = self.get_query('trained')
if isinstance(trained, str) and trained.lower() in ['1', 'true', 'yes']:
message.trained = True
session.commit()
session.close()
def send_response(self, code, message=None):
super(KingPhisherRequestHandler, self).send_response(code, message)
signals.safe_send('response-sent', self.logger, self, code=code, message=message)