Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modified regex to detect Microsoft ATP URLs #1976

Merged
merged 1 commit into from Sep 24, 2020
Merged

Modified regex to detect Microsoft ATP URLs #1976

merged 1 commit into from Sep 24, 2020

Conversation

glennzw
Copy link
Collaborator

@glennzw glennzw commented Sep 18, 2020
edited

Fix to address #1975

Test code for the regex:

package main

import (
	"fmt"
	"regexp"
)

func main() {


	var goPhishRegex = regexp.MustCompile("((\\?|%3F)rid(=|%3D)(3D)?([A-Za-z0-9]{7}))")


	testCases := [...]string{"hello world no rids here", "blah ?rid=AbC1234 blah", "blah ?rid=3DAbC1234 blah", "blah %3Frid%3DAbC1234 blah", "blah %3Frid%3D3DAbC1234 blah"}

	for i, emailContent := range testCases {

	  fmt.Printf("Test %d: ", i)
	  for _, r := range goPhishRegex.FindAllStringSubmatch(emailContent, -1) {
	    newrid := r[len(r)-1]
	    fmt.Printf(newrid)
	  }
	  fmt.Println()
	}

}

Test 0: 
Test 1: AbC1234
Test 2: AbC1234
Test 3: AbC1234
Test 4: AbC1234

https://play.golang.org/p/QmsWHgPRmQR

@glennzw glennzw mentioned this pull request Sep 18, 2020
Closed
@jordan-wright
Copy link
Collaborator

Seems reasonable to me, thanks @glennzw!

@jordan-wright jordan-wright merged commit 0b2ab68 into master Sep 24, 2020
@jordan-wright jordan-wright deleted the imap-microsoft-atp-fix branch September 24, 2020 01:40
jordan-wright added a commit that referenced this pull request Oct 1, 2020
@jordan-wright
Updated JS from #1976
3c490db
willl03 pushed a commit to willl03/gophish that referenced this pull request Oct 20, 2020
@glennzw
Modified regex to detect Microsoft ATP URLs (gophish#1976)
25990ed
willl03 pushed a commit to willl03/gophish that referenced this pull request Oct 20, 2020
@jordan-wright
Updated JS from gophish#1976
e873374
@brian1318
Copy link

Sir ;
The Fixed code insert to which files. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@glennzw @jordan-wright @brian1318