Architecture and design

m1nl edited this page Jan 12, 2019 · 4 revisions

Architecture

  1. Ember.js admin frontend communicates with admin interface endpoint using JSON REST API

  2. Rails engine is used to provide two endpoints - admin and public:

    Admin / public endpoints are exposed via different URL namespaces (/api/ and /public/ by default). They can also be separated into two different application instances - for details please check the comments in pompa.yml.sample.

    • admin endpoint exposes all API calls required to set up and run a phishing campaign
    • public endpoint serves all resources (i.e. HTML pages, JavaScript files and images) for a phishing page
    • public endpoint receives all callbacks / reports when a phishing victim fulfills a specific goal
  3. All non-binary data is stored in a PostgreSQL database - ORM mapping is done using the ActiveRecord framework

  4. Rails engine is not used for any long-lived tasks. Phishing campaigns are processed as a number of different Sidekiq jobs (separate jobs for campaign processing, personalized email generation and email delivery). Jobs use a Redis message queue to communicate with each other.

  5. Redis is also used to perform any possible caching - as phishing pages and emails can be personalized for each victim using Liquid templates, intermediate results are stored in Redis to speed up generation of rendered views.

Implementation highlights

  1. Message-driven communication between workers

    • campaign worker spawns victim workers in batches
    • each victim worker generates an email and queues it to the mailer worker
    • mailer worker throttles queued emails and delivers them to the mail transfer agent

  2. Non-blocking design and caching

    • campaign worker periodically picks events from Redis and saves them to the DB

  3. Dynamic template rendering

    • most fields have Liquid template support (e.g. email subject and body)
    • landing pages can be rendered with the full context of a victim

      Hello, {{ victim.first_name }}!

      Do you have a moment to click on a
      <a href="{{ template.landing_url }}">link</a>?

      Here is a random cat picture for you: <img src="{{ 'cat' | resource }}">!

      Cheers,
      {{ mailer.sender_name }}
  4. Flexible goals (and resources)

    • a goal is reached by making an HTTP request to the public endpoint
    • all reported parameters (like captured credentials) are saved
    • resources can be used both in the landing page and in the phishing email
    • report and resource helpers can be used in templates

      {{ 'click' | report }} -> http://myphish.in/?v=<victim>&g=<goal>
      {{ 'cat' | resource }} -> http://myphish.in/?r=<resource>

      Dynamic templates:
      {{ 'index-html' | resource }} -> http://myphish.in/?r=<resource>&v=<victim>
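The goal-report and resource URLs above have a recognizable query-string shape (v = victim, g = goal, r = resource). The following Ruby script is an added example, not part of the pompa project, showing how a blue team running a simulated campaign could scan egress proxy logs for that shape to confirm which clients reported a goal or fetched a resource. It assumes the default parameter names shown on this page (a deployment could rename them) and a constructed log format of "timestamp client_ip method url status"; the log lines and host are invented sample data.

```ruby
require 'uri'
require 'cgi'

# Constructed sample proxy log lines (not real traffic):
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = <<~LOG
  2019-01-12T10:00:01Z 10.0.0.5 GET http://myphish.in/?v=a1b2c3&g=click 302
  2019-01-12T10:00:02Z 10.0.0.5 GET http://myphish.in/?r=cat 200
  2019-01-12T10:00:03Z 10.0.0.7 GET http://myphish.in/?r=index-html&v=d4e5f6 200
  2019-01-12T10:00:04Z 10.0.0.9 GET http://example.org/?q=cats 200
  2019-01-12T10:00:05Z 10.0.0.5 POST http://myphish.in/?v=a1b2c3&g=login 200
LOG

# Classify one URL by the parameter scheme shown on this page:
# v + g => goal report, r (optionally with v) => resource fetch.
# Assumption: the default parameter names are in use.
def classify_request(url)
  uri = URI.parse(url)
  return nil if uri.query.nil? || uri.query.empty?
  params = CGI.parse(uri.query)
  has = ->(key) { params.key?(key) && !params[key].empty? }
  if has.call('v') && has.call('g')
    { kind: :goal_report, victim: params['v'].first, goal: params['g'].first }
  elsif has.call('r')
    { kind: :resource, resource: params['r'].first,
      victim: has.call('v') ? params['v'].first : nil }
  end
rescue URI::InvalidURIError
  nil
end

# Walk the log text and return one hash per matching request.
def scan_log(text)
  text.each_line.map do |line|
    ts, ip, method, url, _status = line.split
    next if url.nil?
    hit = classify_request(url)
    next unless hit
    hit.merge(ts: ts, client: ip, method: method, host: URI.parse(url).host)
  end.compact
end

# Per-client summary: which goals were reported and which victim ids appeared.
def summarize(hits)
  hits.group_by { |h| h[:client] }.transform_values do |hs|
    { goals: hs.select { |h| h[:kind] == :goal_report }.map { |h| h[:goal] },
      victims: hs.map { |h| h[:victim] }.compact.uniq }
  end
end

if __FILE__ == $PROGRAM_NAME
  summarize(scan_log(SAMPLE_LOG)).each do |client, info|
    puts "#{client}: goals=#{info[:goals].inspect} victims=#{info[:victims].inspect}"
  end
end
```

Matching only on parameter names will also catch unrelated sites that happen to use v, g or r, so in practice the scan is scoped to the campaign's known public-endpoint host; the example keeps the host check out of classify_request so the same parser can be reused when the campaign is split across several domains.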