Banner and 'tracking_param' added. Fixed bug with fixed address

.devcontainer/devcontainer.json

@@ -16,7 +16,8 @@
             "extensions": [
                 "ms-python.python",
                 "ms-azuretools.vscode-docker",
-                "ms-python.debugpy"
+                "ms-python.debugpy",
+                "github.vscode-github-actions"
             ]
         }
     },

Maitm/Maitm.py

@@ -43,10 +43,17 @@ def __init__(self,config_file=None,only_new=True,forward_emails=False,logfile="l
         self.date_limit = self.config["filter"]["date_limit"] if "date_limit" in self.config["filter"].keys() else None
         # Set the ignore_seen flag to ignore emails that have been already read by this script
         self.ignore_seen = self.config["filter"]["ignore"]["ignore_seen"] if "ignore_seen" in self.config["filter"]["ignore"].keys() else False
-        self.spoof_sender=self.config["misc"]["sender"]["spoof"]
-        self.fixed_sender=self.config["misc"]["sender"]["fixed"]
-        self.poll_interval = self.config["misc"]["poll_interval"]
-        self.tracking_url = self.config["injections"]["tracking_url"]
+        self.spoof_sender=self.config["misc"]["sender"]["spoof"] if "spoof" in self.config["misc"]["sender"].keys() else False
+        self.fixed_sender=self.config["misc"]["sender"]["fixed"] if "fixed" in self.config["misc"]["sender"].keys() else None
+        self.poll_interval = self.config["misc"]["poll_interval"] if "poll_interval" in self.config["misc"].keys() else 60
+        self.tracking_url = self.config["injections"]["tracking_url"] if "tracking_url" in self.config["injections"].keys() else None
+        self.tracking_param = self.config["misc"]["tracking_param"] if "tracking_param" in self.config["misc"] else "customerid"
+        if "smtp" in self.config["auth"]["send"]:
+            self.authenticated_username = self.config["auth"]["send"]["smtp"]["username"]
+        elif "oauth2legacy" in self.config["auth"]["send"]:
+            self.authenticated_username = self.config["auth"]["send"]["smtp"]["email"]
+        else:
+            self.authenticated_username = None
 
         # Populate the bells
         self.build_bells()
@@ -596,7 +603,7 @@ def replace_all_links_html(self,replacement,content: bytes,charset=None):
     def replace_links_html(self,id,content: bytes,charset=None):
         # Inline function to prepare the replacement URL
         def get_replacement_url(pl,id):
-            params = {'customerid':id}
+            params = {self.tracking_param:id}
             prepared_url = PreparedRequest()
             prepared_url.prepare_url(pl, params)
             return prepared_url.url
@@ -618,7 +625,7 @@ def get_replacement_url(pl,id):
 
     # Inline function to prepare the replacement URL
     def get_replacement_url(self,url,id):
-        params = {'customerid':id}
+        params = {self.tracking_param:id}
         prepared_url = PreparedRequest()
         prepared_url.prepare_url(url, params)
         return prepared_url.url
@@ -870,8 +877,8 @@ def forward_message(self,msg: PythonEmailMessage):
                 fake_msg.replace_header("From",msg["from"]) # .name+" <"+msg.from_values.email+">"
             elif(self.fixed_sender is not None):
                 fake_msg.replace_header("From",self.fixed_sender)
-            elif(self.smtp_connection.user is not None):
-                fake_msg.replace_header("From",self.smtp_connection.user) # TODO: Get the user from the mailmanager object instead of the SMTP connection
+            elif(self.authenticated_username is not None):
+                fake_msg.replace_header("From",self.authenticated_username) 
             else:
                 fake_msg.replace_header("From","Max Headroom <[email protected]>")
 

config/injections.yml

@@ -7,6 +7,6 @@ links:
   #office.com: https://www.bing.com/search?q=a+squirrel
   #google.com: https://www.bing.com/search?q=a+zebra 
 headers:
-  X-Added-Header: "This is my injected header"
+  X-Added-Header: "This is my injected header" # Disclaimer: If you use Exchange 365, it will remove headers
 tracking_url: "https://yourtrackingpixeldomain.com/path.html?param=1"
 unc_path: "\\\\1.1.1.1\\images\\xxxxx.png"

config/misc.yml

@@ -2,5 +2,6 @@ fixed_destinations:
   - [email protected]
 sender: 
   spoof: False
-  fixed: "Microsoft Security <[email protected]>"
-poll_interval: 60
+  # fixed: "Microsoft Security <[email protected]>"
+poll_interval: 120
+tracking_param: 'customerid'

mail-in-the-middle.py

@@ -40,11 +40,34 @@ def parse_arguments():
 
     return parser.parse_args()
 
+def get_version():
+    v = "vX.X.X"
+    with open("version","r") as f:
+        v = f.readlines()[0].strip()
+    return v
+
+def banner():
+    b = """
+███╗   ███╗ █████╗ ██╗████████╗███╗   ███╗
+████╗ ████║██╔══██╗██║╚══██╔══╝████╗ ████║
+██╔████╔██║███████║██║   ██║   ██╔████╔██║
+██║╚██╔╝██║██╔══██║██║   ██║   ██║╚██╔╝██║
+██║ ╚═╝ ██║██║  ██║██║   ██║   ██║ ╚═╝ ██║
+╚═╝     ╚═╝╚═╝  ╚═╝╚═╝   ╚═╝   ╚═╝     ╚═╝  %s
+
+Man in the Middle, but for Mails
+Author: Felipe Molina de la Torre (@felmoltor)
+Original idea: Willem Mouton (@_w_m__), continued by Szymon Zilokowski (@TH3_GOAT_FARM3R)
+
+"""
+    print(b % get_version())
+
 ########
 # MAIN #
 ########
 
 def main():
+    banner()
     # Parse options
     arguments=parse_arguments()    
     # Check if the config path is relative

version

@@ -0,0 +1 @@
+v0.2.4