forked from joshingeneral/feelingPhishy
sendEmailAPI.php
<html>
<head>
<title>
Feeling Phishy - Send Email (Version 1.4)
</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<table id="leftShark" width="800" align="center">
<tr>
<td>
<h3> Full Report</h3>
</td>
<tr>
<?php
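// Static salt mixed into the MD5 digest that derives the "&cache=" token from the log key.
// NOTE(review): the salt is a hard-coded constant and MD5 is cheap to brute-force, so the
// token hides the log key only from casual inspection; do not treat it as a secret.
$salt="salt123";

// NOTE(review): no authentication, CSRF token or recipient allow-list is visible in this
// file, and every field below is also accepted from the query string. Confirm that access
// to this script is restricted elsewhere (web-server auth, network ACL); otherwise anyone
// who can reach it can make the server send mail.

// Reads one request field the way the original did (POST value followed by GET value),
// but treats a missing key as "" instead of raising an undefined-index warning.
$requestParam = function ($name) {
    $fromPost = isset($_POST[$name]) ? $_POST[$name] : "";
    $fromGet = isset($_GET[$name]) ? $_GET[$name] : "";
    return $fromPost.$fromGet;
};

//Get basic information for output here
// Client-supplied form values; neither is used again in the visible code.
$senderIPAddress = isset($_POST['ip']) ? $_POST['ip'] : "";
$httpagent = isset($_POST['httpagent']) ? $_POST['httpagent'] : "";
// HTTP_HOST comes from the request's Host header, so it is client-controlled unless the
// web server pins it. It ends up in the links embedded in outgoing mail via $path.
// NOTE(review): prefer a configured hostname over the Host header.
$httpDomain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
// Use this to change the location or path of where the image.php file is located
$directory = "";
$path = "$httpDomain$directory";

//Get variables here: POST carries the form input, GET is for additional tools that use the API.
$fromName = $requestParam('fromName');
$fromEmail = $requestParam('fromEmail');
$toEmail = $requestParam('toEmail');
$content = $requestParam('content');
$sendDate = $requestParam('sendDate')." ".$requestParam('sendTime');
$sendSubject = $requestParam('sendSubject');
$landingPageError = $requestParam('landingPageError');
$logKey = $requestParam('logKey');
$adminEmail = $requestParam('adminEmail');

// The value is request-controlled, so it is HTML-escaped before being written into the page.
echo "error:".htmlspecialchars($landingPageError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');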
#Error Checking
/**
 * Prints an error line for the given problem description, then ends the request
 * with a "Try again" link back to index.php. Never returns to the caller.
 *
 * $errorType is written into the page as-is; every visible caller passes a fixed string.
 */
function Error($errorType) {
    $retryLink = "<a href=\"index.php\"> Try again </a> <br />";
    print "There was an error with ".$errorType." .<br>";
    // exit() with a string argument prints it and terminates, exactly like die().
    exit($retryLink);
}
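// Format checks. A value is only inspected when it is non-empty (truthy); the test is a
// loose "contains @ and ." check, not full address validation. Error() ends the request,
// so nothing after a failed check runs.
if($fromEmail && (!strstr($fromEmail,"@") || !strstr($fromEmail,"."))) {
    Error("the from email not being formatted correctly");
}
// $toEmail may hold a comma-separated list; only the string as a whole is checked here.
if($toEmail && (!strstr($toEmail,"@") || !strstr($toEmail,"."))) {
    Error("the recipient email not being formatted correctly");
}
if(empty($fromName) || empty($fromEmail) || empty($content)) {
    Error("a field being empty");
}

// Default so that $cache is always defined when it is handed to sendmsg().
$cache = "";
// NOTE(review): `$$logKey` is a variable-variable: it reads the variable whose NAME is the
// request-supplied log key, not the key itself. This looks like a typo for `$logKey`, but
// the intended rule cannot be determined from this file, so the condition is left
// unchanged. In practice the else branch runs for almost every input.
if(!$$logKey == "" && (!strstr($$logKey,"@") || !strstr($$logKey,"."))) {
    // Empty in the original: no cache token is generated on this path.
}
else
{
    // Token appended to the tracking URLs: salted MD5 of the log key.
    $cacheMD5=md5($salt.$logKey.$salt);
    $cache="&cache=$cacheMD5";
}

//date to show for this page
$todayis = date("l, F j, Y, g:i a") ;

//send message to admin so they have their key
// The key and host name are request-controlled, so they are HTML-escaped before being
// placed in the HTML body. The mail is skipped when no admin address was supplied.
// NOTE(review): the log key travels in clear text in this e-mail.
if ($adminEmail !== "") {
    $safeKey = htmlspecialchars($logKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeDomain = htmlspecialchars($httpDomain, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    sendmsg($adminEmail,"Your Admin Key","","","Your email key is: $safeKey<br> You can access results at: <a href='http://$safeDomain/results.php'>http://$safeDomain/results.php</a>","","System","admin@$httpDomain","$todayis","","");
}

//We do this to fix the way POST requests send quotes
// NOTE(review): the second search string is two backslashes followed by a quote, because
// \' is not an escape inside double quotes. Left byte-identical; confirm the intent.
$message = str_replace("\\\"","\"",$content);
$message = str_replace("\\\'","\'",$message);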
//For the function to work, you must pass all the varibles that are needed
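/**
 * Personalises the template in $message for one recipient, hands it to mail(), and echoes
 * a summary row into the report table.
 *
 * Placeholders replaced in $message: [link] / [/link], [url], [email], [image].
 * $httpDomain and $fromName are accepted for interface compatibility but are not used.
 *
 * Changes from the original: CR/LF is stripped from every value that is interpolated
 * into the raw header block (otherwise a request value could append extra headers),
 * $headers is initialised instead of appended to an undefined variable, the landing-page
 * value is URL-encoded, the echoed report is HTML-escaped, and "message sent" is printed
 * only when mail() reports success.
 */
function sendmsg($toEmail,$sendSubject,$httpDomain,$path,$message,$content,$fromName,$fromEmail,$sendDate,$landingPageError,$cache) {
    // Header values must be single-line; remove any line breaks supplied by the request.
    $stripBreaks = function ($value) {
        return str_replace(array("\r", "\n"), "", (string) $value);
    };
    $toEmail = $stripBreaks($toEmail);
    $fromEmail = $stripBreaks($fromEmail);
    $sendDate = $stripBreaks($sendDate);
    $sendSubject = $stripBreaks($sendSubject);

    // Unsalted MD5 of the recipient address, used as the per-recipient tag in the URLs.
    // NOTE(review): this is a pseudonym, not protection: an address list can be hashed
    // and matched against the tags.
    $md5sum = md5($toEmail);

    // $path derives from the request's Host header in the visible caller.
    $trackingBase = "http://$path/image.php?e=".rawurlencode((string) $landingPageError);
    $clickUrl = $trackingBase."&a=$md5sum"."$cache";
    $pixelUrl = $trackingBase."&img=$md5sum"."$cache";

    // replace the link commands with the tagged click URL
    $message = str_replace("[link]","<a href=\"$clickUrl\">",$message);
    $message = str_replace("[/link]","</a>",$message);
    // replace the bare URL placeholder with the same tagged URL
    $message = str_replace("[url]",$clickUrl,$message);
    // replace the tag with the local part of the recipient address (everything before "@")
    $toEmailVar1 = preg_replace('/@.*/', '', $toEmail);
    $message = str_replace("[email]","$toEmailVar1",$message);
    // replace the image placeholder with the tagged image URL
    $message = str_replace("[image]","<img src=\"$pixelUrl\">",$message);
    $message = str_replace("/sendEmail.php","",$message);

    // Header block: a Delivery-date, a fixed placeholder Received line, then From and Date
    // set to the requested values. The literal below is kept exactly as in the original.
    // NOTE(review): receiving mail servers prepend their own Received headers, so a Date
    // that disagrees with the receiving hop's timestamp is a usable detection signal.
    $headers = "Delivery-date: $sendDate
Received: from localhost ([127.0.0.1] helo=example.com)
by example.com with esmtp (Exim 4.69)
(envelope-from <example@server.com>)
id 1PVKNu-00033s-2Z
for $toEmail; $sendDate
". "From: $fromEmail\r\n" . "Date: $sendDate\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    // send the mail; the headers carry the From and Date fields
    $sent = mail($toEmail, $sendSubject, $message, $headers);

    // Everything echoed below is request-derived, so it is escaped for the HTML report.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // output simple results to the user
    echo "<tr><td id=\"leftShark\">";
    echo "We just sent the following:";
    echo "<br> Headers:<br> ".$esc($headers)." \n";
    echo "<p></p>";
    echo "<br> From: ".$esc($fromEmail)."\n";
    echo "<br> To: ".$esc($toEmail)."\n";
    echo "<br> Message: ".$esc($content)." \n";
    if ($sent) {
        echo "<br> message sent";
    } else {
        echo "<br> message could not be handed to the mail system";
    }
    echo "<p></p>";
    echo "</td></tr>";
}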
#sendmsg($toEmail,$sendSubject,$httpDomain,$path,$message,$content,$fromName,$fromEmail,$sendDate);
#$sendToEmails="josh2@joshingeneral.com,josh3@joshingeneral.com";
#echo "$sendToEmails";
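// Send one message per recipient in the comma-separated $toEmail list.
// NOTE(review): the list length is not capped and the individual addresses are not
// validated here; the earlier format check only looks at the string as a whole.
$emailArray = explode(',', $toEmail);
// $cache is only assigned on one branch of the log-key check; fall back to "" otherwise.
$cacheToken = isset($cache) ? $cache : "";
foreach ($emailArray as $email){
    $email = trim($email);
    // Skip empty entries such as a trailing comma or an empty $toEmail.
    if ($email === "") {
        continue;
    }
    echo "<tr><td>";
    // The address is request-supplied, so escape it before writing it into the page.
    echo "<br> Email Sent To: ".htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "</td></tr>";
    sendmsg($email,$sendSubject,$httpDomain,$path,$message,$content,$fromName,$fromEmail,$sendDate,$landingPageError,$cacheToken);
}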
?>
</tr>
<tr>
<td>
<a href="index.php"> Home </a> <br />
Click / View Results: <a href="results.php">Results </a>
</td>
</tr>
</table>
</body>
</html>