Documentation
¶
Overview ¶
Package spoof serves decoy content at phishing domains to hide the proxy's true purpose. When a visitor should not be phished (bot, blacklisted IP, invalid lure), the Server reverse-proxies a legitimate site's content or serves a default "It works!" page, making the server appear to host real content.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server renders a legitimate site's content in place of a phishing response. It rewrites domain references in the response body so the spoofed site's links point to the phishing domain, strips security headers, and removes the session tracking cookie.
When no spoof URL is configured, ServeHTTP serves an Apache-style default page — a 200 OK that makes the server look like an ordinary unconfigured web host.
func NewServer ¶
New creates a Server. defaultSpoofURL is used when no per-request URL is provided. sessionCookieName is the cookie stripped from spoofed requests.
func (*Server) Spoof ¶
func (s *Server) Spoof(w http.ResponseWriter, r *http.Request)
Spoof serves the default spoof URL, or the default page if none is configured.
func (*Server) SpoofTarget ¶
SpoofTarget serves the provided URL, falling back to the default spoof URL, and finally to the default page if neither is available.
Source Files