Cyber security

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification when a user enters a password.

You need to add your custom templates and post the username and password parameter to /login when using the post mode.

Folder Layout

its-a-trap/custom
├── assets
│   └── styles.css
└── templates
    ├── finish.html
    └── index.html

This will serve index.html and show finish.html upon sending a post request. You can use the asset_folder to store your custom assets needed for the templates. In basic auth mode only finish.html is shown.

Basic Auth Example

{
  "server": {
    "listen": "127.0.0.1",
    "port": 8000
  },
  "method": "basic",
  "cloudflare": false,
  "timeout": "5s",
  "basic": {
    "realm": "restricted",
  },
  "template": {
    "folder": "./custom/templates",
    "index_template": "index.html",
    "finish_template": "finish.html",
    "asset_folder": "./custom/assets"
  }
}

Post Example

{
  "server": {
    "listen": "127.0.0.1",
    "port": 8000
  },
  "method": "post",
  "cloudflare": false,
  "timeout": "5s",
  "template": {
    "folder": "./custom/templates",
    "index_template": "index.html",
    "finish_template": "finish.html",
    "asset_folder": "./custom/assets"
  }
}

In POST mode you have access to the following variables inside the template:

  • {{ .LoginURL }} – The URL to post to
  • {{ .UsernameParameter }} – the username parameter name
  • {{ .PasswordParameter }} – the password parameter name

Example:

<form action="{{ .LoginURL }}" method="post">
  <label for="fname">Username:</label>
  <input type="text" id="fname" name="{{ .UsernameParameter }}"><br><br>
  <label for="fpass">Password:</label>
  <input type="password" id="fpass" name="{{ .PasswordParameter }}"><br><br>
  <input type="submit" value="Submit">
</form>
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: cybersecurityinformationsecurityIts-A-Trapkalilinuxkalilinuxtools
4 months ago

Recent Posts

PromptFoo – Streamlining LLM Application Development And Security Testing

An innovative tool designed to revolutionize the testing, evaluation, and security of LLM applications. This…

4 days ago

AdbNet – Mastering Android Device Exploitation

A sophisticated tool designed for exploiting vulnerabilities in Android devices. This article dives into the…

5 days ago

SeamlessPass – Bridging Kerberos Authentication With Microsoft 365 Access

SeamlessPass is a tool designed to obtain Microsoft 365 access tokens using on-premises Active Directory…

5 days ago

Awesome Forensics – The Forensic Analyst’s Toolkit An In-Depth Exploration

Comprehensive guide to the tools and resources pivotal in the world of forensic analysis. From…

5 days ago

CVEScannerV2 – Enhancing Network Security With Nmap Vulnerability Detection Script

An advanced Nmap script designed to detect potential vulnerabilities in network services. This article delves…

5 days ago

File Tunnel – Innovative TCP Connection Tunneling via Files

A powerful tool designed to tunnel TCP connections through a file. Ideal for circumventing firewalls…

5 days ago