king-phisher
Tracking target user IPs via jinja tag
Feature Description
It would be useful to include the IP addresses of visiting users in a jinja tag so that conditionals could be made against them. Conditionals based on the first-seen IP address could ensure that a visitor's IP does not change between visits, which might indicate either a separate device or, in a more unfortunate scenario, a phishing report service. I had an incident where a phish got reported by a user, which caused dozens of report services to hammer the KP server and blacklist our domain and IP address on multiple search engines and spam report services.
Example Use Case
The following demonstrates a jinja tag in use that causes the client to be redirected to the Google search page if their most recent visit IP does not match the first IP.
{% if client.visit_ip[-1] != client.visit_ip[0] %}
{{ make_redirect_page('https://www.google.com/', title='Loading Page...') }}
{% else %}
original page content here
{% endif %}
I like it. I think I'll end up changing it to be client.visits where it's then an array of visit objects. That would change the first line to client.visits[-1].ip != client.visits[0].ip. While I'm at it, I'll do the same for credentials.
Same thing should probably be done for campaign.visits and campaign.credentials.
That would be awesome. Exposing the credentials as a jinja tag would make it possible to do some other interesting phishes like "Forget your password?" pretexts and throwing an error like "You already used this password." similar to password history restrictions.
Looking forward to this. :tada:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.