spf-dkim-dmarc-demo/attacker/web-api/lib/Email/SpoofingDemo/API/Attacker.pm

63 lines
1.1 KiB
Perl
Raw Permalink Normal View History

2023-10-25 15:50:33 +02:00
#
# SPDX-FileCopyrightText: 2023 Afnic
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
2023-10-25 15:50:24 +02:00
package Email::SpoofingDemo::API::Attacker;
use Dancer2;
our $VERSION = '0.1';
my $SCRIPT = '/home/attaquant/scripts/send_email.py';
sub run_script {
open(my $fh, '-|', $SCRIPT, '--non-interactive', @_)
or die "$SCRIPT: $!";
my $json;
{
local $/ = undef;
$json = <$fh>;
}
close($fh);
if (($? >> 8) != 0) {
die $json;
}
return from_json($json);
}
get '/' => sub { return "Welcome"; };
get '/config' => sub {
return run_script('--get-config');
};
post '/spoof' => sub {
my $helo = body_parameters->{'helo'};
my $scenario = body_parameters->{'scenario'};
if (not defined $scenario) {
status 400;
return "Need a scenario name";
}
my @args = ('--template', $scenario);
if (defined $helo) {
push @args, ('--helo', $helo);
}
if (body_parameters->{'replace_mail_from'}) {
push @args, ('--replace-rfc5321-mail-from');
}
return run_script(@args);
};
any qr{.*} => sub { status 'not_found'; return "Invalid route" };
dance;
true;