Documentation

Constants

This section is empty.

Variables

var DefaultDialer = &RestrictedDialer{}

DefaultDialer is a global instance of a RestrictedDialer.

Functions

func Dialer

func Dialer() *net.Dialer

Dialer returns a net.Dialer that restricts outbound connections to only the addresses allowed by the DefaultDialer.

func SetAllowedHosts

func SetAllowedHosts(allowed []string)

SetAllowedHosts sets the list of allowed hosts or IP ranges for the default dialer.

Types

type RestrictedDialer

type RestrictedDialer struct {
	// contains filtered or unexported fields
}

RestrictedDialer is used to create a net.Dialer which restricts outbound connections to only allowlisted IP ranges.

func (*RestrictedDialer) AllowedHosts

func (d *RestrictedDialer) AllowedHosts() []string

AllowedHosts returns the configured hosts that are allowed for the dialer.

func (*RestrictedDialer) Dialer

func (d *RestrictedDialer) Dialer() *net.Dialer

Dialer returns a net.Dialer that restricts outbound connections to only the allowed addresses over TCP.

By default, because Gophish expects to make connections to hosts on the local network, it denies access only to the link-local addresses in 169.254.0.0/16.

If hosts are provided, then Gophish blocks access to all local addresses except the ones provided.

This implementation is based on the blog post by Andrew Ayer at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
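The following is an added sketch of the technique described above, not Gophish's own code: the allow/deny decision runs in the `Control` hook of a `net.Dialer`, which receives the literal IP and port after DNS resolution. The names `checkAddr`, `prefixes` and `contains`, the IPv4-only `local` range list, and the restriction of the allowlist to CIDR prefixes are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"syscall"
)

var linkLocal = prefixes("169.254.0.0/16") // the default deny range named on the page
var local = prefixes("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16") // assumed "local" set

func prefixes(cidrs ...string) (out []netip.Prefix) {
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

func contains(set []netip.Prefix, ip netip.Addr) bool {
	for _, p := range set {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// checkAddr is called with the resolved ip:port, so a hostname that resolves to a denied range is still caught.
func checkAddr(allowed []netip.Prefix, network, address string) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil || (network != "tcp4" && network != "tcp6") {
		return fmt.Errorf("%s %q rejected", network, address) // fail closed on non-TCP or unparseable input
	}
	ip, denied := ap.Addr().Unmap(), linkLocal // Unmap treats ::ffff:a.b.c.d as IPv4
	if len(allowed) > 0 {
		denied = local // with an allowlist, every local range is denied unless listed
	}
	if contains(denied, ip) && !contains(allowed, ip) {
		return fmt.Errorf("connection to %s denied", ip)
	}
	return nil
}

func main() {
	d := &net.Dialer{Control: func(network, address string, _ syscall.RawConn) error {
		return checkAddr(nil, network, address)
	}}
	fmt.Println(d.Dial("tcp", "169.254.169.254:80"))
}
```

Because `Control` runs before the socket connects, the denied dial in `main` returns an error without sending any traffic.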

func (*RestrictedDialer) SetAllowedHosts

func (d *RestrictedDialer) SetAllowedHosts(allowed []string) error

SetAllowedHosts sets the list of allowed hosts or IP ranges for the dialer.
