def _handle_page_visit_creds(self, session, visit_id):
username, password = self.get_query_creds()
if username is None:
return
cred_count = 0
query = session.query(db_models.Credential)
query = query.filter_by(message_id=self.message_id,
username=username,
password=password)
if query.count() == 0:
cred = db_models.Credential(campaign_id=self.campaign_id,
message_id=self.message_id,
visit_id=visit_id)
cred.username = username
cred.password = password
session.add(cred)
campaign = db_manager.get_row_by_id(session, db_models.Campaign,
self.campaign_id)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or
((cred_count % 25) == 0)):
alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format(
cred_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, self.campaign_id))
signals.safe_send('credentials-received',
self.logger,
self,
username=username,
password=password)
def _handle_page_visit_creds(self, campaign, visit_id):
query_creds = self.get_query_creds()
if query_creds.username is None:
return
cred_count = 0
cred = self._get_db_creds(query_creds)
if cred is None:
cred = db_models.Credential(
campaign_id=campaign.id,
message_id=self.message_id,
visit_id=visit_id,
**query_creds._asdict()
)
cred.regex_validated = db_validation.validate_credential(cred, campaign)
self._session.add(cred)
self._session.commit()
self.logger.debug("credential id: {0} created for message id: {1}".format(cred.id, cred.message_id))
campaign = db_manager.get_row_by_id(self._session, db_models.Campaign, self.campaign_id)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or ((cred_count % 25) == 0)):
self.server.job_manager.job_run(self.issue_alert, (self.campaign_id, 'credentials', cred_count))
signals.send_safe('credentials-received', self.logger, self, username=query_creds.username, password=query_creds.password)
def _handle_page_visit_creds(self, session, visit_id):
username = None
for pname in ['username', 'user', 'u']:
username = (self.get_query(pname) or self.get_query(pname.title())
or self.get_query(pname.upper()))
if username:
break
if not username:
return
password = None
for pname in ['password', 'pass', 'p']:
password = (self.get_query(pname) or self.get_query(pname.title())
or self.get_query(pname.upper()))
if password:
break
password = (password or '')
cred_count = 0
query = session.query(db_models.Credential)
query = query.filter_by(message_id=self.message_id,
username=username,
password=password)
if query.count() == 0:
cred = db_models.Credential(campaign_id=self.campaign_id,
message_id=self.message_id,
visit_id=visit_id)
cred.username = username
cred.password = password
session.add(cred)
campaign = db_manager.get_row_by_id(session, db_models.Campaign,
self.campaign_id)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or
((cred_count % 25) == 0)):
alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format(
cred_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, self.campaign_id))
def handle_page_visit(self):
if not self.message_id:
return
if self.message_id == self.config.get('server.secret_id'):
return
if not self.campaign_id:
return
self.logger.info(
"handling a page visit for campaign id: {0} from IP address: {1}".
format(self.campaign_id, self.client_address[0]))
message_id = self.message_id
campaign_id = self.campaign_id
session = db_manager.Session()
campaign = db_manager.get_row_by_id(session, db_models.Campaign,
self.campaign_id)
message = db_manager.get_row_by_id(session, db_models.Message,
self.message_id)
if message.opened == None and self.config.get_if_exists(
'server.set_message_opened_on_visit', True):
message.opened = db_models.current_timestamp()
set_new_visit = True
if self.visit_id:
set_new_visit = False
visit_id = self.visit_id
query = session.query(db_models.LandingPage)
query = query.filter_by(campaign_id=self.campaign_id,
hostname=self.vhost,
page=self.request_path[1:])
if query.count():
visit = db_manager.get_row_by_id(session, db_models.Visit,
visit_id)
if visit.message_id == message_id:
visit.visit_count += 1
else:
set_new_visit = True
if set_new_visit:
visit_id = make_uid()
kp_cookie_name = self.config.get('server.cookie_name')
cookie = "{0}={1}; Path=/; HttpOnly".format(
kp_cookie_name, visit_id)
self.send_header('Set-Cookie', cookie)
visit = db_models.Visit(id=visit_id,
campaign_id=campaign_id,
message_id=message_id)
visit.visitor_ip = self.client_address[0]
visit.visitor_details = self.headers.get('user-agent', '')
session.add(visit)
visit_count = len(campaign.visits)
if visit_count > 0 and ((visit_count in [1, 10, 25]) or
((visit_count % 50) == 0)):
alert_text = "{0} vists reached for campaign: {{campaign_name}}".format(
visit_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, campaign_id))
username = None
for pname in ['username', 'user', 'u']:
username = (self.get_query_parameter(pname)
or self.get_query_parameter(pname.title())
or self.get_query_parameter(pname.upper()))
if username:
break
if username:
password = None
for pname in ['password', 'pass', 'p']:
password = (self.get_query_parameter(pname)
or self.get_query_parameter(pname.title())
or self.get_query_parameter(pname.upper()))
if password:
break
password = (password or '')
cred_count = 0
query = session.query(db_models.Credential)
query = query.filter_by(message_id=message_id,
username=username,
password=password)
if query.count() == 0:
cred = db_models.Credential(campaign_id=campaign_id,
message_id=message_id,
visit_id=visit_id)
cred.username = username
cred.password = password
session.add(cred)
cred_count = len(campaign.credentials)
if cred_count > 0 and ((cred_count in [1, 5, 10]) or
((cred_count % 25) == 0)):
alert_text = "{0} credentials submitted for campaign: {{campaign_name}}".format(
cred_count)
self.server.job_manager.job_run(self.issue_alert,
(alert_text, campaign_id))
trained = self.get_query_parameter('trained')
if isinstance(trained,
str) and trained.lower() in ['1', 'true', 'yes']:
message.trained = True
session.commit()
session.close()