forked from HuskyHacks/clarion
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathserverless.py
37 lines (32 loc) · 1.44 KB
/
serverless.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
from flask import Flask, request, send_file
##if Teams webhook alerting wanted - uncomment below :
#import pymsteams
#myTeamsMessage = pymsteams.connectorcard("<Microsoft Webhook URL>") #replace with Teams Webhook URL
global filename = "warning.png" #Debug
allowed_referers = [
'login.microsoftonline.com',
'login.microsoft.net',
'login.microsoft.com',
'autologon.microsoftazuread-sso.com',
'tasks.office.com',
'login.windows.net']
app = Flask(__name__)
@app.route('/companyBranding.png', methods=['GET'])
def pixel():
referer_header = str(request.headers.get('Referer'))
referer_header = referer_header.replace("https://","").replace("/","")
if (referer_header not in allowed_referers) and (referer_header is not None) and (len(referer_header) > 1):
print(f"[!] Non-Microsoft referer header detected: {referer_header}")
print(f"[*] Referer header (AitM): {referer_header}")
#requester_ip = request.remote_addr #To fix.
#print(f"[*] Requester IP (user logging in): {requester_ip}") #To Fix.
#Teams Webhook#
#myTeamsMessage.text(f"[*] Referer header (AitM): {referer_header}")
#myTeamsMessage.send()
return send_file('warning.png', mimetype='image/png',as_attachment=False)
else:
return send_file('safe.png', mimetype='image/png',as_attachment=False)
def main():
app.run(debug=True)
if __name__ == "__main__":
main()