mirror of https://github.com/CIRCL/lookyloo
275 lines
13 KiB
HTML
275 lines
13 KiB
HTML
{% extends "main.html" %}
|
|
{% from "macros.html" import sanejs_details %}
|
|
{% from "macros.html" import indexed_hash %}
|
|
{% from "macros.html" import indexed_cookies %}
|
|
{% from "macros.html" import popup_icons %}
|
|
{% from "macros.html" import shorten_string %}
|
|
{% from "macros.html" import other_captures_table %}
|
|
|
|
{% block title %}Details for {{ hostname }} {% endblock %}
|
|
|
|
{% block styles %}
|
|
{{ super() }}
|
|
<link rel="stylesheet" href="{{ url_for('static', filename='datatables.min.css') }}">
|
|
{% endblock %}
|
|
|
|
{% block scripts %}
|
|
{{ super() }}
|
|
<script src='{{ url_for('static', filename='datatables.min.js') }}'></script>
|
|
<script src='{{ url_for('static', filename='generic.js') }}'></script>
|
|
<script type="text/javascript">
|
|
$(document).ready(() => {
|
|
$('table.table').DataTable( {
|
|
"order": [[ 1, "desc" ]],
|
|
"paging": false,
|
|
"info": false,
|
|
"columns": [
|
|
{ "orderable": false},
|
|
{ "orderable": false},
|
|
{ "orderable": false}
|
|
],
|
|
"columnDefs": [{
|
|
"targets": 1,
|
|
"render": (data) => {
|
|
const date = new Date(data);
|
|
return date.getFullYear() + '-' + (date.getMonth() + 1).toString().padStart(2, "0") + '-' + date.getDate().toString().padStart(2, "0") + ' ' + date.toTimeString();
|
|
}
|
|
}]
|
|
} );
|
|
});
|
|
</script>
|
|
<script>
|
|
let whereAmI = (hostnode_uuid) => window.opener.LocateNode(hostnode_uuid);
|
|
let flag = (hostnode_uuid) => window.opener.NodeHighlight(hostnode_uuid);
|
|
let openTreeInNewTab = (capture_uuid, hostnode_uuid=Null) => window.opener.openTreeInNewTab(capture_uuid, hostnode_uuid);
|
|
</script>
|
|
<script>
|
|
$(document).ready(() => {
|
|
// Grab any text in the attribute 'data-copy' and pass it to the copy function
|
|
$('.js-copy').tooltip();
|
|
$('.js-copy').click(function() {
|
|
const text = $(this).attr('data-copy');
|
|
const el = $(this);
|
|
copyToClipboard(text, el);
|
|
});
|
|
});
|
|
</script>
|
|
|
|
{% endblock %}
|
|
|
|
{% block content %}
|
|
{# Headers #}
|
|
<center>
|
|
<h3>{{ hostname }}</h3>
|
|
<button type="button" class="btn btn-info" onclick="whereAmI('{{ hostname_uuid }}')">Locate in tree</button>
|
|
<a href="{{ url_for('hostnode_details_text', tree_uuid=tree_uuid, node_uuid=hostname_uuid) }}" class="btn btn-info" role="button">Download URLs as text</a>
|
|
</center>
|
|
{# Start list of URLs #}
|
|
<ul class="list-group-flush">
|
|
{% for url in urls %}
|
|
{# URL Display #}
|
|
<li class="list-group-item">
|
|
<div class="h3" title={{ url['url_object'].name }}>
|
|
{# HTTPs or not #}
|
|
{% if url['encrypted'] %}
|
|
<img src="/static/secure.svg" title="Encrypted request" width="21" height="21"/>
|
|
{% else %}
|
|
<img src="/static/insecure.svg" title="Unencrypted request" width="21" height="21"/>
|
|
{%endif%}
|
|
{# URL #}
|
|
... /{{ shorten_string(url['url_path'], 50)}}
|
|
{# Copy full URL to clipbard #}
|
|
<button type="button" class="btn btn-default btn-copy js-copy"
|
|
data-toggle="tooltip" data-placement="bottom" data-copy="{{ url['url_object'].name }}" data-original-title="Copy to clipboard">
|
|
<svg class="bi bi-clipboard" width="1em" height="1em" viewBox="0 0 16 16" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
|
|
<path fill-rule="evenodd" d="M4 1.5H3a2 2 0 0 0-2 2V14a2 2 0 0 0 2 2h10a2 2 0 0 0 2-2V3.5a2 2 0 0 0-2-2h-1v1h1a1 1 0 0 1 1 1V14a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1V3.5a1 1 0 0 1 1-1h1v-1z"/>
|
|
<path fill-rule="evenodd" d="M9.5 1h-3a.5.5 0 0 0-.5.5v1a.5.5 0 0 0 .5.5h3a.5.5 0 0 0 .5-.5v-1a.5.5 0 0 0-.5-.5zm-3-1A1.5 1.5 0 0 0 5 1.5v1A1.5 1.5 0 0 0 6.5 4h3A1.5 1.5 0 0 0 11 2.5v-1A1.5 1.5 0 0 0 9.5 0h-3z"/>
|
|
</svg>
|
|
</button>
|
|
</div>
|
|
<ul class="list-group">
|
|
|
|
<li class="list-group-item">
|
|
<p class="h4">Request</p>
|
|
{{ popup_icons(keys_request, url['url_object'], tree_uuid) }}
|
|
|
|
{% if url['url_object'].posted_data %}
|
|
<a href="{{ url_for('urlnode_post_request', tree_uuid=tree_uuid, node_uuid=url['url_object'].uuid) }}">
|
|
Download posted data
|
|
</a></br>
|
|
Posted data size: {{ sizeof_fmt(url['url_object'].posted_data|length) }}
|
|
{% endif %}
|
|
|
|
{% if url['cookies_sent'] %}
|
|
<div>
|
|
<p class="h5">This request contains cookies.
|
|
<button class="btn btn-primary collapsed" type="button" data-toggle="collapse" data-target="#request_cookies_full_list_{{ url['url_object'].uuid }}" aria-expanded="false" aria-controls="collapseExample">
|
|
<span class="if-collapsed">Show cookies sent.</span>
|
|
<span class="if-not-collapsed">Hide cookies sent.</span>
|
|
</button>
|
|
</p>
|
|
<div class="collapse" id="request_cookies_full_list_{{ url['url_object'].uuid }}">
|
|
<div class="card card-body">
|
|
{{ indexed_cookies("List of cookies sent in the request", "Node setting this cookie", url['cookies_sent']) }}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{% endif %}
|
|
</li>
|
|
|
|
<li class="list-group-item">
|
|
{# Details of the response #}
|
|
<p class="h4">Response
|
|
<small>(Status code:
|
|
<span title="{{ http_status_description(url['url_object'].response['status']) }}">{{ url['url_object'].response['status'] }})</span>
|
|
</small>
|
|
</p>
|
|
{{ popup_icons(keys_response, url['url_object'], tree_uuid) }}
|
|
|
|
<div>
|
|
{% if url['url_object'].empty_response %}
|
|
Empty body.
|
|
{% else %}
|
|
{% if url['legitimacy'] and url['legitimacy'][0] == False %}
|
|
<img src="/static/bomb.svg" title="Known malicious content in the response." width="21" height="21"/>
|
|
{%endif%}
|
|
Body size: {{ sizeof_fmt(url['url_object'].body.getbuffer().nbytes) }}
|
|
{% if url['legitimacy'] %}
|
|
{% if url['legitimacy'][0] %}
|
|
- This file is known <b>legitimate</b>.
|
|
{% elif url['legitimacy'][0] == False %}
|
|
{% if url['legitimacy'][1] is iterable %}
|
|
</br>
|
|
The response sould be considered as <b>phishing</b> unless it is served by <b>the following domain(s)</b>: {{ ', '.join(url['legitimacy'][1]) }}
|
|
</br>
|
|
{% else %}
|
|
- The response is known <b>malicious</b>.
|
|
{%endif%}
|
|
{%endif%}
|
|
{%endif%}
|
|
{%endif%}
|
|
</div>
|
|
|
|
{% if url['sane_js'] %}
|
|
{# Result from SaneJS for the response #}
|
|
{{ sanejs_details(url['sane_js']) }}
|
|
{% endif %}
|
|
|
|
{# Everything we know about the response content #}
|
|
{% if url['body_hash_details'] and url['body_hash_details']['hash_freq'] %}
|
|
<div>
|
|
This file can be found <b>{{ url['body_hash_details']['hash_freq'] }}</b> times
|
|
across all the captures on this lookyloo instance, in <b>{{ url['body_hash_details']['hash_domains_freq'] }}</b> unique domains.
|
|
</br>
|
|
|
|
{# other captures related wit the same dontent #}
|
|
{% if 'other_captures' in url['body_hash_details'] %}
|
|
{{ indexed_hash(url['body_hash_details']['other_captures'], url['url_object'].uuid) }}
|
|
{% endif %}
|
|
{# Link to list of captures with the same hash #}
|
|
<p>
|
|
<a href="{{ url_for('body_hash_details', body_hash=url['url_object'].body_hash) }}">
|
|
Show more information about this response body.
|
|
</a>
|
|
</p>
|
|
</div>
|
|
{% endif %}
|
|
<button class="btn btn-primary collapsed" type="button" data-toggle="collapse" data-target="#context_response_{{ url['url_object'].uuid }}" aria-expanded="false" aria-controls="collapseContextForm">
|
|
<span class="if-collapsed">Add context.</span>
|
|
<span class="if-not-collapsed">Hide context form.</span>
|
|
</button>
|
|
<div class="collapse" id="context_response_{{ url['url_object'].uuid }}">
|
|
<div class="card card-body">
|
|
<form role="form" action="{{ url_for('add_context', tree_uuid=tree_uuid, urlnode_uuid=url['url_object'].uuid) }}" method=post enctype=multipart/form-data>
|
|
<div class="form-group">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="legitimate" id="legitimate">
|
|
<label for="legitimate" class="form-check-label">Legitimate</label>
|
|
</div>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="legitimate_domain">Domain serving the file when considered legitimate:</label>
|
|
<input type="text" class="form-control" name="legitimate_domain" id=legitimate_domain placeholder="Domain name">
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="extra_context">Other context for this content (library name, owner, ...):</label>
|
|
<input type="text" class="form-control" name="extra_context" id=extra_context placeholder="Context">
|
|
</div>
|
|
<div class="form-group">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="malicious"></input>
|
|
<label for="malicious" class="form-check-label">Malicious</label>
|
|
</div>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="malicious_type">Type of malicious content (phishing, malware, ...):</label>
|
|
<input type="text" class="form-control" name="malicious_type" id=malicious_type placeholder="Type of malicious content">
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="malicious_target">Legitimate target of the malicious content (expecially for phishing):</label>
|
|
<input type="text" class="form-control" name="legitimate_domain" id=legitimate_domain placeholder="Target">
|
|
</div>
|
|
<button type="submit" class="btn btn-primary" id="btn-looking">Submit context</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
|
|
{% if url['embedded_ressources'] %}
|
|
{# Details on embedded resources #}
|
|
<div><b>This response contains embedded ressources</b>
|
|
<button class="btn btn-primary collapsed" type="button" data-toggle="collapse" data-target="#embedded_full_list_{{ url['url_object'].uuid }}" aria-expanded="false" aria-controls="collapseExample">
|
|
<span class="if-collapsed">Show embedded resources.</span>
|
|
<span class="if-not-collapsed">Hide embedded resources.</span>
|
|
</button>
|
|
</div>
|
|
<div class="collapse" id="embedded_full_list_{{ url['url_object'].uuid }}">
|
|
<div class="card card-body">
|
|
{% for hash, details in url['embedded_ressources'].items() %}
|
|
{% if details['sane_js'] %}
|
|
{# Result from SaneJS for the embedded ressources #}
|
|
{{ sanejs_details(details['sane_js']) }}
|
|
{% endif %}
|
|
<div>
|
|
This file (<b>{{ details['type'] }}</b>) can be found <b>{{ details['hash_freq'] }}</b> times
|
|
across all the captures on this lookyloo instance, in <b>{{ details['hash_domains_freq'] }}</b> unique domains.
|
|
<form method="post" action="{{ url_for('get_embedded_ressource', tree_uuid=tree_uuid, node_uuid=url['url_object'].uuid) }}">
|
|
<button class="btn btn-primary" name="ressource_hash" value="{{ hash }}">Download the embedded ressource</button>
|
|
</form>
|
|
</br>
|
|
|
|
{% if 'other_captures' in details %}
|
|
{{ indexed_hash(details['other_captures'], hash) }}
|
|
{% endif %}
|
|
<p><a href="{{ url_for('body_hash_details', body_hash=url['url_object'].body_hash) }}">
|
|
Show more information about this embedded content.
|
|
</a></p>
|
|
</div>
|
|
{% endfor %}
|
|
</div>
|
|
</div>
|
|
{% endif %}
|
|
|
|
{% if url['cookies_received'] %}
|
|
<div>
|
|
<p class="h5">This response contains cookies.
|
|
<button class="btn btn-primary collapsed" type="button" data-toggle="collapse" data-target="#response_cookies_full_list_{{ url['url_object'].uuid }}" aria-expanded="false" aria-controls="collapseExample">
|
|
<span class="if-collapsed">Show cookies received.</span>
|
|
<span class="if-not-collapsed">Hide cookies received.</span>
|
|
</button>
|
|
</p>
|
|
<div class="collapse" id="response_cookies_full_list_{{ url['url_object'].uuid }}">
|
|
<div class="card card-body">
|
|
{{ indexed_cookies("This response contains 3rd party cookies:", "Node sending this cookie", url['cookies_received']['3rd_party']) }}
|
|
{{ indexed_cookies("Cookies, sent somewhere in the capture", "Node sending this cookie", url['cookies_received']['sent']) }}
|
|
{{ indexed_cookies("Cookies, never sent", "", url['cookies_received']['not_sent']) }}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{% endif %}
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endblock %}
|