From e79372f8ac7d0c8652d5d06f65b058fd63bf78ce Mon Sep 17 00:00:00 2001
From: geefunkmasterpro
Date: Wed, 27 Feb 2013 21:33:48 +1100
Subject: [PATCH] Added auth field to config so that emails are harder to track to sender
Added error handling to identify:
- errors creating the mail headers
- errors processing JSON input
- errors in the mailer configuration
---
 extensions/social_engineering/config.yaml | 3 +-
 .../mass_mailer/mass_mailer.rb | 53 +++++++++++--------
 .../rest/socialengineering.rb | 13 +++--
 3 files changed, 41 insertions(+), 28 deletions(-)
diff --git a/extensions/social_engineering/config.yaml b/extensions/social_engineering/config.yaml
index a2b03233f..4a2d0af37 100644
--- a/extensions/social_engineering/config.yaml
+++ b/extensions/social_engineering/config.yaml
@@ -21,8 +21,9 @@ beef:
 use_auth: true
 use_tls: true
 helo: "gmail.com" # this is usually the domain name
- from: "youruser@gmail.com"
+ auth: "youruser@gmail.com"
 password: "yourpass"
+ from: "fromemail@gmail.com"
 # available templates
 templates:
 default:
diff --git a/extensions/social_engineering/mass_mailer/mass_mailer.rb b/extensions/social_engineering/mass_mailer/mass_mailer.rb
index c62ebf7c8..aa586fe13 100644
--- a/extensions/social_engineering/mass_mailer/mass_mailer.rb
+++ b/extensions/social_engineering/mass_mailer/mass_mailer.rb
@@ -20,8 +20,9 @@ module BeEF
 @host = @config.get("#{@config_prefix}.host")
 @port = @config.get("#{@config_prefix}.port")
 @helo = @config.get("#{@config_prefix}.helo")
- @from = @config.get("#{@config_prefix}.from")
+ @auth = @config.get("#{@config_prefix}.auth")
 @password = @config.get("#{@config_prefix}.password")
+ @from = @config.get("#{@config_prefix}.from")
 end
 # tos_hash is an Hash like:
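Review bot: In extensions/social_engineering/config.yaml the new `auth` key and the relocated `from` key carry no comment, while the neighbouring `helo` line does, so a reader of the file cannot tell which value is the login and which is the sender address. Going by the mass_mailer.rb hunks, `auth` is passed to `smtp.start` and `from` is passed to `email_headers` and `smtp.send_message`. I would add trailing comments such as `# account used for SMTP authentication` on `auth` and `# sender address used for the envelope and the From header` on `from`.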
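Review bot: `@auth` in the first mass_mailer.rb hunk is read from a key that configuration files written before this commit do not contain. Assuming `@config.get` returns nil for a missing key, an installation that still has only `from` and `password` would pass a nil user to `smtp.start` and fail with an authentication error that does not point at the config. A fallback keeps old files working: `@auth = @config.get("#{@config_prefix}.auth") || @config.get("#{@config_prefix}.from")`. The enclosing method starts above the hunk, so other readers of these instance variables are not visible here.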
@@ -47,7 +48,7 @@ module BeEF
 smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
 if @config.get("#{@config_prefix}.use_auth")
- smtp.start(@helo, @from, @password, :login) do |smtp|
+ smtp.start(@helo, @auth, @password, :login) do |smtp|
 tos_hash.each do |to, name|
 message = compose_email(fromname, to, name, subject, link, linktext, template)
 smtp.send_message(message, @from, to)
@@ -68,32 +69,38 @@ module BeEF
 end
 def compose_email(fromname, to, name, subject, link, linktext, template)
- msg_id = random_string(50)
- boundary = "------------#{random_string(24)}"
- rel_boundary = "------------#{random_string(24)}"
+ begin
+ msg_id = random_string(50)
+ boundary = "------------#{random_string(24)}"
+ rel_boundary = "------------#{random_string(24)}"
- header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
- plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
- rel_header = email_related(rel_boundary)
- html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
- images = ""
- @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
- images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
- end
+ header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
+ plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
+ rel_header = email_related(rel_boundary)
+ html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
- attachments = ""
- if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
- @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
- attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
- end
- end
+ images = ""
+ @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
+ images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
+ end
- close = email_close(boundary)
+ attachments = ""
+ if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
+ @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
+ attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
+ end
+ end
- message = header + plain_body + rel_header + html_body + images + attachments + close
- print_debug "Raw Email content:\n #{message}"
- message
+ close = email_close(boundary)
+ rescue Exception => e
+ print_error "Error constructing email."
+ raise
+ end
+
+ message = header + plain_body + rel_header + html_body + images + attachments + close
+ print_debug "Raw Email content:\n #{message}"
+ message
 end
 def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)
diff --git a/extensions/social_engineering/rest/socialengineering.rb b/extensions/social_engineering/rest/socialengineering.rb
index b03447145..8bc5f6ffb 100644
--- a/extensions/social_engineering/rest/socialengineering.rb
+++ b/extensions/social_engineering/rest/socialengineering.rb
@@ -106,11 +106,16 @@ module BeEF
 halt 401
 end
 end
-
- mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
- mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
 rescue Exception => e
- print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+ print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
+ error 400
+ end
+
+ begin
+ mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+ mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
+ rescue Exception => e
+ print_error "Invalid mailer configuration"
 error 400
 end
 end
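Review bot: The new `rescue Exception => e` in compose_email binds `e` but never uses it, so the log line "Error constructing email." hides which step failed. One likely case is a template with no `images` entry, which unlike `attachments` is not nil-checked and would raise on `.each` if `@config.get` returns nil. Since the handler only logs and re-raises, `rescue StandardError => e` is enough and does not intercept signals or exit requests, and the message could become `print_error "Error constructing email: #{e.message}"`. A method-level `rescue` would also remove the extra `begin` nesting.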
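Review bot: The second `rescue Exception => e` in socialengineering.rb reports every failure of `send_email` as "Invalid mailer configuration" with status 400, and `e` is discarded. The wrapped call can also fail on errors re-raised from compose_email or on SMTP connection problems. Narrowing to `rescue StandardError => e`, logging `print_error "Failed to send emails: #{e.message}"`, and returning a 5xx status for server-side failures would make the response match the cause. The context `rescue` above it has the same shape, labelling any exception in its block as invalid JSON. The route handler starts outside the hunk, so what that first block covers is not fully visible.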