#
# SPDX-FileCopyrightText: 2023 Afnic
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
package Email::SpoofingDemo::API::Attacker;
use Dancer2;
our $VERSION = '0.1';
# Absolute path of the helper program that run_script() executes. It is a
# fixed value and is never built from request data.
my $SCRIPT = '/home/attaquant/scripts/send_email.py';
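# Run the helper script with the given arguments and return its decoded JSON
# output.
#
# Arguments: the list of command-line arguments to append after
#            '--non-interactive'.
# Returns:   whatever from_json() yields for the script's standard output.
# Dies:      if the script cannot be started, or if it ends with a non-zero
#            wait status (non-zero exit code, death by signal, or a failed
#            wait). The script's captured output is used as the error message
#            when there is any.
sub run_script {
    my @script_args = @_;

    # List-form piped open: the program is executed directly, without a shell,
    # so shell metacharacters in the arguments are not interpreted. This does
    # not stop the script itself from treating a value as an option; callers
    # must validate request-derived values before passing them in.
    open(my $fh, '-|', $SCRIPT, '--non-interactive', @script_args)
        or die "$SCRIPT: $!";

    # Slurp the whole of the script's standard output in one read.
    my $json = do { local $/ = undef; <$fh> };

    # close() on a piped handle waits for the child and stores its status in $?.
    close($fh);
    my $wait_status = $?;

    # Check the full wait status, not only the exit code in the high byte: a
    # child killed by a signal has exit code 0 but must not be treated as a
    # success, otherwise truncated output would be handed to from_json().
    if ($wait_status != 0) {
        die $json if defined $json && length $json;
        die sprintf("%s: abnormal termination (wait status %d)\n",
            $SCRIPT, $wait_status);
    }

    return from_json($json);
}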
# GET /: fixed greeting, useful as a liveness check.
get '/' => sub {
    return "Welcome";
};
# GET /config: return what the helper script reports in its --get-config mode.
#
# NOTE(review): no authentication is visible on this route in this file;
# confirm the configuration it exposes is meant to be readable by every client
# that can reach the service.
get '/config' => sub {
    my @config_args = ('--get-config');
    return run_script(@config_args);
};
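# POST /spoof: run the helper script for the named scenario.
#
# Body parameters:
#   scenario          - required; passed to the script as the --template value
#   helo              - optional; passed as the --helo value
#   replace_mail_from - optional; when true, adds --replace-rfc5321-mail-from
#
# Responds with 400 when the scenario is missing or empty, or when a value
# cannot be passed safely as a single option value. Otherwise returns the
# result of run_script().
#
# NOTE(review): no authentication or rate limiting is visible in this file;
# confirm the service is only reachable from the isolated demo environment.
post '/spoof' => sub {
    my $params   = body_parameters;
    my $scenario = $params->{'scenario'};
    my $helo     = $params->{'helo'};

    if (not defined $scenario or $scenario eq '') {
        status 400;
        return "Need a scenario name";
    }

    # Both values come straight from the request and end up on the script's
    # command line. Reject anything that is not a plain string, and anything
    # starting with '-', which the script could parse as an option rather than
    # as the value of --template / --helo.
    for my $value ($scenario, $helo) {
        next if not defined $value;
        if (ref $value or $value =~ /\A-/) {
            status 400;
            return "Invalid parameter value";
        }
    }

    my @args = ('--template', $scenario);
    if (defined $helo) {
        push @args, ('--helo', $helo);
    }
    if ($params->{'replace_mail_from'}) {
        push @args, ('--replace-rfc5321-mail-from');
    }

    return run_script(@args);
};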
# Catch-all for every HTTP method and path, declared after the specific
# routes: answers 404 with a short message.
any qr{.*} => sub {
    status 'not_found';
    return "Invalid route";
};
# Start the Dancer2 application.
dance;
# A Perl module file must end with a true value.
true;