Cyber security

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification when a user enters a password.

You need to add your custom templates and post the username and password parameter to /login when using the post mode.

Folder Layout

its-a-trap/custom
├── assets
│   └── styles.css
└── templates
    ├── finish.html
    └── index.html

This will serve index.html and show finish.html upon sending a post request. You can use the asset_folder to store your custom assets needed for the templates. In basic auth mode only finish.html is shown.

Basic Auth Example

{
  "server": {
    "listen": "127.0.0.1",
    "port": 8000
  },
  "method": "basic",
  "cloudflare": false,
  "timeout": "5s",
  "basic": {
    "realm": "restricted",
  },
  "template": {
    "folder": "./custom/templates",
    "index_template": "index.html",
    "finish_template": "finish.html",
    "asset_folder": "./custom/assets"
  }
}

Post Example

{
  "server": {
    "listen": "127.0.0.1",
    "port": 8000
  },
  "method": "post",
  "cloudflare": false,
  "timeout": "5s",
  "template": {
    "folder": "./custom/templates",
    "index_template": "index.html",
    "finish_template": "finish.html",
    "asset_folder": "./custom/assets"
  }
}

In POST mode you have access to the following variables inside the template:

  • {{ .LoginURL }} – The URL to post to
  • {{ .UsernameParameter }} – the username parameter name
  • {{ .PasswordParameter }} – the password parameter name

Example:

<form action="{{ .LoginURL }}" method="post">
  <label for="fname">Username:</label>
  <input type="text" id="fname" name="{{ .UsernameParameter }}"><br><br>
  <label for="fpass">Password:</label>
  <input type="password" id="fpass" name="{{ .PasswordParameter }}"><br><br>
  <input type="submit" value="Submit">
</form>
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecurityIts-A-Trapkalilinuxkalilinuxtools
9 months ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

24 hours ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

24 hours ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

24 hours ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

24 hours ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago