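def landing_page_post(request, tracker_id):
    """Save landing page POST infos and redirect to true URL.

    Stores the submitted form verbatim on a new ``TrackerInfos`` row, marks
    the tracker as ``'yes'`` and renders
    ``phishing/landingpage_post_redirect.html`` with the two forwarding URLs
    and the remaining form fields.

    :param request: HTTP request carrying the submitted form
    :param tracker_id: primary key of the ``Tracker`` to update (404 if absent)
    :return: the rendered redirect page, or HTTP 400 when a forwarding URL is
        missing, malformed, or uses a scheme other than http/https
    """
    from urllib.parse import urlsplit

    from django.http import HttpResponseBadRequest

    # add infos
    tracker = get_object_or_404(Tracker, pk=tracker_id)
    # NOTE(review): every submitted field is persisted as-is in ``raw``; if
    # the landing page collects passwords they end up stored in clear text.
    # Consider redacting or hashing sensitive fields before saving.
    TrackerInfos.create(target_tracker=tracker, http_request=request,
                        raw=json.dumps(request.POST))
    count = TrackerInfos.objects.filter(target_tracker=tracker).count()

    # update values
    tracker.value = 'yes'
    tracker.infos = count
    tracker.save()

    # redirect to legitimate website
    post = request.POST.dict()
    action = post.pop('mercure_real_action_url', None)
    redirect_url = post.pop('mercure_redirect_url', None)

    # Both URLs are read from the request body, so they are client-supplied.
    # A missing field used to raise KeyError (HTTP 500); answer 400 instead.
    if action is None or redirect_url is None:
        return HttpResponseBadRequest('missing forwarding URL')

    # Only relative, http and https targets are forwarded, so a script or
    # data scheme can never reach the template.
    try:
        schemes = {urlsplit(url.strip()).scheme for url in (action, redirect_url)}
    except ValueError:
        return HttpResponseBadRequest('invalid forwarding URL')
    if not schemes <= {'', 'http', 'https'}:
        return HttpResponseBadRequest('invalid forwarding URL')

    # NOTE(review): the destination is still chosen by the client. Binding it
    # to the campaign server-side, or signing the hidden fields, would stop
    # this view from forwarding to arbitrary sites.
    return render(
        request,
        'phishing/landingpage_post_redirect.html',
        {
            'action': action,
            'redirect_url': redirect_url,
            'post': post,
        })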
def img(request, tracker_id):
    """Send tracking image.

    Records the request on a new ``TrackerInfos`` row, marks the tracker as
    ``'opened'`` and answers with the bundled ``tracking.png``.

    :param request: HTTP request that fetched the image
    :param tracker_id: primary key of the ``Tracker`` to update (404 if absent)
    :return: ``HttpResponse`` carrying the PNG bytes
    """
    tracker = get_object_or_404(Tracker, pk=tracker_id)

    # Merge query-string and form parameters; POST wins on duplicate keys.
    # The values are client-supplied and stored without filtering.
    params = {**request.GET.dict(), **request.POST.dict()}
    payload = json.dumps(params) if params else None

    # Record the hit, then refresh the tracker's counters.
    TrackerInfos.create(target_tracker=tracker, http_request=request,
                        raw=payload)
    hits = TrackerInfos.objects.filter(target_tracker=tracker).count()
    tracker.value = 'opened'
    tracker.infos = hits
    tracker.save()

    # The image lives in the static directory next to this app.
    here = os.path.dirname(os.path.abspath(__file__))
    with open(os.path.join(here, '../static/img/tracking.png'), 'rb') as fh:
        png_bytes = fh.read()
    return HttpResponse(png_bytes, content_type='image/png')
def test_dashboard_campaign_with_smtp(self):
    """Dashboard of a campaign with explicit SMTP settings and no landing page.

    The email template has ``landing_page=None``, so the two landing-page
    charts must be absent while the histogram and send pie are present.
    """
    self.client.login(username='******', password='******')

    # One target group holding three recipients.
    addresses = ('*****@*****.**', '*****@*****.**', '*****@*****.**')
    group = TargetGroup.objects.create(name='target group 1 title')
    for address in addresses:
        Target.objects.create(email=address, group=group)

    # Text-only template without a landing page.
    template = EmailTemplate.objects.create(
        email_subject='Hello!',
        from_email='*****@*****.**',
        landing_page=None,
        name='email template title',
        text_content='click: {{ landing_page_url }}',
    )

    # Campaign carrying its own SMTP settings.
    campaign = Campaign.objects.create(
        email_template=template,
        name='campaign title',
        smtp_use_ssl=True,
        smtp_host="127.0.0.1:8000",
        smtp_username="******",
        smtp_password="******",
    )

    # First send to the group, then log one event per tracker.
    campaign.target_groups.add(group)
    self.run_jobs()
    for tracker in campaign.trackers.all():
        TrackerInfos.create(target_tracker=tracker)

    # Second send; would need valid credentials to be tested for real.
    campaign.target_groups.add(group)

    url = reverse('campaign_dashboard', args=(campaign.pk,))
    resp = self.client.get(url)
    self.assertEqual(resp.status_code, 200)

    # NOTE(review): the original checks each of these two ids twice; the
    # repetition is preserved here.
    for marker in ('id="all_histogram"', 'id="email_send_pie"') * 2:
        self.assertContains(resp, marker)
    for marker in ('id="landing_page_open_pie"',
                   'id="post_on_landing_page_pie"'):
        self.assertNotContains(resp, marker)
def test_trackerInfo(self):
    """Build a ``TrackerInfos`` row from a synthetic request.

    There is no assertion: the test passes as long as nothing raises.
    """
    campaign = Campaign.objects.create(email_template_id=1,
                                       name='Browser tracker test')
    campaign.target_groups.add(TargetGroup.objects.first())

    first_target = Target.objects.first()
    Tracker.objects.create(campaign_id=campaign.pk, target_id=first_target.pk)

    self.client.login(username='******', password='******')

    # ``meta`` and ``req`` are helpers defined outside this block; presumably
    # they build request metadata (user agent, referer, IP) and a fake request.
    fake_meta = meta('Mozilla', 'www.google.com', '8.8.8.8')
    TrackerInfos.create(target_tracker=campaign.trackers.first(),
                        http_request=req(fake_meta))
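def test_print_trackerInfo(self):
    """Check the string representation of a ``TrackerInfos`` row.

    Fix: the group is attached with ``camp.target_groups.add(...)`` like the
    other tests in this file. The previous ``camp.target_groups_add(...)`` is
    not used anywhere else here and would raise ``AttributeError`` before the
    assertion ran.
    """
    camp = Campaign.objects.create(email_template_id=1,
                                   name='Browser tracker test')
    camp.target_groups.add(TargetGroup.objects.first())
    Tracker.objects.create(campaign_id=camp.pk,
                           target_id=Target.objects.first().pk)
    self.client.login(username='******', password='******')

    # ``meta`` and ``req`` are helpers defined outside this block.
    met = meta('Mozilla', 'www.google.com', '8.8.8.8')
    tracker_infos = TrackerInfos.create(
        target_tracker=camp.trackers.first(), http_request=req(met))

    # Test __str__
    # NOTE(review): the address inside the expected string looks like an
    # e-mail obfuscation placeholder; confirm it against the fixture data.
    self.assertEqual(str(tracker_infos),
                     "[Browser tracker test] [email protected] (: )")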
def test_dashboard_campaign_with_incorrect_htmlcontent_email(self):
    """Dashboard of a campaign whose HTML email has no ``<body>`` element.

    The template is linked to a landing page, so the landing-page-open pie
    must be rendered while the post-on-landing-page pie stays absent.
    """
    self.client.login(username='******', password='******')

    # Landing page attached to the template.
    page = LandingPage.objects.create(
        domain='https://my-fake-domain.com',
        html=('<!DOCTYPE html>'
              '<html lang="en">'
              '<body>'
              'test'
              '</body>'
              '</html>'),
        name='landing page title',
    )

    # One target group holding three recipients.
    addresses = ('*****@*****.**', '*****@*****.**', '*****@*****.**')
    group = TargetGroup.objects.create(name='target group 1 title')
    for address in addresses:
        Target.objects.create(email=address, group=group)

    # Email template whose HTML part is just an empty <html> element.
    template = EmailTemplate.objects.create(
        email_subject='Hello!',
        from_email='*****@*****.**',
        landing_page=page,
        name='email template title',
        text_content='click: {{ landing_page_url }}',
        html_content=('<!DOCTYPE html>'
                      '<html lang="en">'
                      '</html>'),
    )

    campaign = Campaign.objects.create(
        email_template=template,
        name='campaign title',
        minimize_url=True,
    )

    # First send to the group, then log one event per tracker.
    campaign.target_groups.add(group)
    self.run_jobs()
    for tracker in campaign.trackers.all():
        TrackerInfos.create(target_tracker=tracker)

    # Second send to the same group.
    campaign.target_groups.add(group)
    self.run_jobs()

    url = reverse('campaign_dashboard', args=(campaign.pk,))
    resp = self.client.get(url)
    self.assertEqual(resp.status_code, 200)

    # NOTE(review): the original checks the first two ids twice; the
    # repetition is preserved here.
    for marker in ('id="all_histogram"', 'id="email_send_pie"') * 2:
        self.assertContains(resp, marker)
    self.assertContains(resp, 'id="landing_page_open_pie"')
    self.assertNotContains(resp, 'id="post_on_landing_page_pie"')
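def landing_page(request, tracker_id):
    """Show landing page.

    Records the visit on a new ``TrackerInfos`` row, marks the tracker as
    ``'opened'`` and serves the campaign's landing page HTML after replacing
    the template variables, injecting the navigator-info snippet before
    ``</body>`` and filling in the POST tracker id and the landing page host.

    Any exception raised while building the page is written to the
    ``TrackerInfos`` row and the visitor is redirected to
    ``https://www.google.com/``.

    Fix: the host substituted for ``POST_DOMAIN`` is HTML-escaped. It is
    normally taken from the request's ``Host`` header, which the client
    controls, and was previously written into the page verbatim.

    :param request: HTTP request for the landing page
    :param tracker_id: primary key of the ``Tracker`` to update (404 if absent)
    :return: the landing page as ``text/html``, or a redirect on error
    """
    # Function-scope import under an alias: the local name ``html`` below
    # holds the page content and would shadow the module.
    from html import escape as escape_html

    # add infos
    tracker = get_object_or_404(Tracker, pk=tracker_id)
    tracker_infos = TrackerInfos.create(target_tracker=tracker,
                                        http_request=request)
    count = TrackerInfos.objects.filter(target_tracker=tracker).count()

    # update values
    tracker.value = 'opened'
    tracker.infos = count
    tracker.save()

    # return landing page
    try:
        campaign = tracker.campaign
        email_template = campaign.email_template
        landing_page = email_template.landing_page
        html = landing_page.html
        target = tracker.target

        # NOTE(review): variable values are inserted unescaped; confirm that
        # get_template_vars only returns operator-controlled data.
        for var in get_template_vars(campaign, target, email_template):
            html = html.replace(var['name'], var['value'] or '')

        # add navigator info script
        navigator_info = render_to_string(
            'phishing/landingpage_navigator_infos.html', {
                'tracker_id': tracker.pk,
            })
        html = html.replace('</body>', '%s</body>' % navigator_info)

        # replace the post tracker id
        if POST_TRACKER_ID in html:
            tracker_post = Tracker.objects.filter(
                campaign=campaign, target=target,
                key=TRACKER_LANDING_PAGE_POST).first()
            if tracker_post:
                value = str(tracker_post.pk)
            else:
                # No POST tracker for this target: keep a trace on the row.
                value = 'unknown'
                tracker_infos.raw = 'tracker_post_id of %s in unknown' % \
                    tracker_id
                tracker_infos.save()
            html = html.replace(POST_TRACKER_ID, value)

        # replace the landing page domain
        if POST_DOMAIN in html:
            # The Host header wins; settings.HOSTNAME, stripped of scheme
            # and path, is the fallback when the header is absent.
            landing_page_hostname = request.META.get('HTTP_HOST') or \
                settings.HOSTNAME.split('//', 1)[-1].split('/')[0]
            # Escaping leaves a well-formed host name unchanged and keeps
            # markup characters out of the page.
            # NOTE(review): request.get_host() would also enforce
            # ALLOWED_HOSTS; consider switching once the deployment's host
            # configuration is confirmed.
            html = html.replace(POST_DOMAIN,
                                escape_html(landing_page_hostname))

        # Only the in-memory instance is changed here; it is not saved.
        landing_page.html = html
        landing_page_printed.send(sender=request, request=request,
                                  landing_page=landing_page)
        return HttpResponse(landing_page.html, content_type='text/html')

    except Exception as e:
        # Deliberate best-effort: log the failure on the tracker row and
        # send the visitor somewhere neutral rather than showing an error.
        tracker_infos.raw = '%s: %s' % (e.__class__.__name__, e)
        tracker_infos.save()
        return HttpResponseRedirect('https://www.google.com/')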