mirror of
https://github.com/phishingclub/phishingclub.git
synced 2026-07-14 07:47:24 +02:00
@@ -688,10 +688,14 @@ func (m *RemoteBrowserController) sessionToInfo(sess *activeSession) liveSession
|
||||
// ListLiveSessions returns all active victim sessions for the campaign, optionally
|
||||
// filtered by campaignID query param.
|
||||
func (m *RemoteBrowserController) ListLiveSessions(g *gin.Context) {
|
||||
_, _, ok := m.handleSession(g)
|
||||
session, _, ok := m.handleSession(g)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if authorized, err := service.IsAuthorized(session, data.PERMISSION_ALLOW_GLOBAL); err != nil || !authorized {
|
||||
m.Response.Forbidden(g)
|
||||
return
|
||||
}
|
||||
campaignFilter := g.Query("campaignID")
|
||||
var sessions []liveSessionInfo
|
||||
m.RemoteBrowserService.RangeSessions(func(_ string, val service.LiveSession) bool {
|
||||
@@ -709,10 +713,14 @@ func (m *RemoteBrowserController) ListLiveSessions(g *gin.Context) {
|
||||
|
||||
// CloseLiveSession terminates an active victim session by cancelling its context.
|
||||
func (m *RemoteBrowserController) CloseLiveSession(g *gin.Context) {
|
||||
_, _, ok := m.handleSession(g)
|
||||
session, _, ok := m.handleSession(g)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if authorized, err := service.IsAuthorized(session, data.PERMISSION_ALLOW_GLOBAL); err != nil || !authorized {
|
||||
m.Response.Forbidden(g)
|
||||
return
|
||||
}
|
||||
crID := g.Param("crID")
|
||||
val, loaded := m.RemoteBrowserService.LoadAndDeleteSession(crID)
|
||||
if !loaded {
|
||||
@@ -727,10 +735,14 @@ func (m *RemoteBrowserController) CloseLiveSession(g *gin.Context) {
|
||||
// the admin. When mode=control (query param) it also forwards mouse/keyboard
|
||||
// input from the admin back into the browser.
|
||||
func (m *RemoteBrowserController) StreamLiveSession(g *gin.Context) {
|
||||
_, _, ok := m.handleSession(g)
|
||||
session, _, ok := m.handleSession(g)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if authorized, err := service.IsAuthorized(session, data.PERMISSION_ALLOW_GLOBAL); err != nil || !authorized {
|
||||
m.Response.Forbidden(g)
|
||||
return
|
||||
}
|
||||
crIDStr := g.Param("crID")
|
||||
val, exists := m.RemoteBrowserService.LoadSession(crIDStr)
|
||||
if !exists {
|
||||
|
||||
Reference in New Issue
Block a user