You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Brief description of the issue: When using Microsoft ATP, it's URL encoding seems to break the Email reporting feature. Or if it's looking at X-Headers, I've not determined which one is the culprit.
What are you expecting to see happen? : When a user reports a simulated phishing email that's been processed (URL encoded) by Microsoft ATP, it should show (on the GoPhish campaign page) as successfully reported by the user.
What are you seeing happen? The email is processed (read by GoPhish using IMAP), but does not show as reported in the campaign.
Please provide as many steps as you can to reproduce the problem:
It seems if I turn off the Microsoft ATP feature, the plain unencoded URL works (reports as expected).
The text was updated successfully, but these errors were encountered:
I modified the regex matching pattern that handles finding ?rid=abc1234 with an or operator to allow either '=' or '%3D' and '?' or '%3F'. I'm not sure if there's a more elegant approach. Another solution is to check for safelinks.protection.outlook.com/?url= and decode the URL that follows, but that's more cumbersome.
I opened a pull request here #1976 with the above fix.
@CMS009 would you mind taking it for a spin and seeing if it works? You'll need to download and compile. In case you need help with that, do the following:
git clone git@github.com:gophish/gophish.git
cd gophish
git checkout imap-microsoft-atp-fix
go build && ./gophish
What version of Gophish are you using?: 0.11.0
Brief description of the issue: When using Microsoft ATP, it's URL encoding seems to break the Email reporting feature. Or if it's looking at X-Headers, I've not determined which one is the culprit.
What are you expecting to see happen? : When a user reports a simulated phishing email that's been processed (URL encoded) by Microsoft ATP, it should show (on the GoPhish campaign page) as successfully reported by the user.
What are you seeing happen? The email is processed (read by GoPhish using IMAP), but does not show as reported in the campaign.
Example of MS ATP encoded format:
Example of MS ATP UTF-8 decoded format:
Please provide as many steps as you can to reproduce the problem:
It seems if I turn off the Microsoft ATP feature, the plain unencoded URL works (reports as expected).
The text was updated successfully, but these errors were encountered: