Variables
var DefaultDialer = &RestrictedDialer{}
DefaultDialer is a global instance of a RestrictedDialer.
Functions
func Dialer
Dialer returns a net.Dialer that restricts outbound connections to only the addresses allowed by the DefaultDialer.
func SetAllowedHosts
func SetAllowedHosts(allowed []string)
SetAllowedHosts sets the list of allowed hosts or IP ranges for the default dialer.
Types
type RestrictedDialer
type RestrictedDialer struct {
// contains filtered or unexported fields
}
RestrictedDialer is used to create a net.Dialer which restricts outbound connections to only allowlisted IP ranges.
func (*RestrictedDialer) AllowedHosts
func (d *RestrictedDialer) AllowedHosts() []string
AllowedHosts returns the configured hosts that are allowed for the dialer.
func (*RestrictedDialer) Dialer
func (d *RestrictedDialer) Dialer() *net.Dialer
Dialer returns a net.Dialer that restricts outbound connections to only the allowed addresses over TCP.
By default, since Gophish anticipates connections to hosts on the local network, we only deny access to the link-local addresses at 169.254.0.0/16.
If hosts are provided, then Gophish blocks access to all local addresses except the ones provided.
This implementation is based on the blog post by Andrew Ayer at https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang
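The deny and allow behaviour described above, as an added sketch that is not Gophish's own code: the check runs in the net.Dialer Control hook, so it sees the IP address the socket will actually connect to. The names checkAddr, inAny and newDialer, the internal range table, and the assumption that allowlist entries are CIDR strings are all hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"syscall"
)

// Constructed table of local ranges for this sketch; Gophish's own may differ.
var internal = []string{"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
	"192.168.0.0/16", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10"}

// inAny reports whether ip is inside any CIDR; a malformed entry matches nothing.
func inAny(ip net.IP, cidrs []string) bool {
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// checkAddr vets the resolved address; it fails closed on non-TCP or non-IP input.
func checkAddr(network, address string, allowed []string) error {
	host, _, err := net.SplitHostPort(address)
	ip := net.ParseIP(host)
	if (network != "tcp4" && network != "tcp6") || err != nil || ip == nil {
		return fmt.Errorf("refusing %s %q", network, address)
	}
	deny := []string{"169.254.0.0/16"} // no allowlist: only link-local is refused
	if len(allowed) > 0 {
		deny = internal // allowlist set: every local range is refused ...
	}
	if inAny(ip, allowed) || !inAny(ip, deny) { // ... except the listed ones
		return nil
	}
	return fmt.Errorf("connection to %s denied", ip)
}

// newDialer wires the check into Control, which runs after DNS, before connect.
func newDialer(allowed []string) *net.Dialer {
	return &net.Dialer{Control: func(network, address string, _ syscall.RawConn) error {
		return checkAddr(network, address, allowed)
	}}
}

func main() {
	fmt.Println(newDialer([]string{"192.168.1.0/24"}).Dial("tcp", "127.0.0.1:25"))
}
```

Because the decision is made on the resolved address rather than the hostname, a name that resolves to a denied range is refused at connect time as well.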
func (*RestrictedDialer) SetAllowedHosts
func (d *RestrictedDialer) SetAllowedHosts(allowed []string) error
SetAllowedHosts sets the list of allowed hosts or IP ranges for the dialer.