Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Possibility to use firstname, lastname as dynamic fields in php pages #300

Open
RESP-hub opened this issue May 9, 2016 · 6 comments
Open

Feature Request: Possibility to use firstname, lastname as dynamic fields in php pages #300

RESP-hub opened this issue May 9, 2016 · 6 comments
Labels
enhancement question

Comments

@RESP-hub
Copy link

RESP-hub commented May 9, 2016
edited
Loading

When designing email templates you can use dynamic tags like this:
<%= @target.firstname %>
<%= @target.lastname %>
<%= @target.email_address %>

These dynamic tags don't work anymore in the php landing pages that the user visits.
Questions:

  1. What would be the best or easiest option to also get these uploaded user values available on each PHP page linked offcourse with the correct user/UID. So for example, when a user with UID=123456 visits we can display a php page with text that includes his name. Can we not get these user variables loaded in the php session?
  2. Is it possible to extends the user upload fields with 1-3 additional info fields?
@Meatballs1
Copy link
Contributor

The easiest way, at present, is to modify https://github.com/pentestgeek/phishing-frenzy/blob/master/app/controllers/reports_controller.rb#L71 so the finish string contains those values. Then do something in PHP to parse the string and place it in the rest of the document.

@Meatballs1
Copy link
Contributor

That value will be found in the PHP header injected in the top of each file, https://github.com/pentestgeek/phishing-frenzy/blob/e6d13c25e16bab8dd4a5bc987c248258cf4b9891/app/views/reports/tags.txt.erb:

$result = file_get_contents($url, false, $context);

You are probably best off editing the files directly in the public/deployed/campaign_id folder rather than via templates at that stage.

@RESP-hub
Copy link
Author

Thanks for your fast answer; I have studied it, but have some questions.
It is not clear for me how I can pickup this "finish" string. By default I doesn't seem that it is already present in the HTTP headers. So is it correct to say that I can add some php code in each PHP-template page that prints-out the full $results variable? I prefer to do in in the templates.

@Meatballs1
Copy link
Contributor

The finish string will be retrieved in the PHP snippet injected into every page.

39 $url = "<%= GlobalSettings.first.site_url %>" . '/reports/results/'; 
40 $data = array('uid' => $uid, 'browser_info' => $browser, 'ip_address' => $ip, 'extra' => $creds); 
41 

42 // use key 'http' even if you send the request to https://... 
43 $options = array( 
44     'http' => array( 
45     'header'  => 'Content-type: application/x-www-form-urlencoded', 
46     'method'  => 'POST', 
47     'content' => http_build_query($data), 
48     ), 
49 ); 
50 $context  = stream_context_create($options); 
51 $result = file_get_contents($url, false, $context);

$result should equal the contents finish string

@Meatballs1
Copy link
Contributor

You could probably put in PHP tags somewhere in the page to show this: <?php echo $result; ?>

@RESP-hub
Copy link
Author

thanks; just one more: is the 'results' string used for anything? if i add other data as you suggest will it not messup something else?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Meatballs1 @zeknox @RESP-hub