Implementing Basic Link Hijacking

Posted on October 13, 2017
Laravel Email Hijacking

A couple of days ago I did my first live-stream!!!! I went through implementing link hijacking in the bulk email service that I am working on.

Replacing The URLs

It is pretty simple. Basically what I did was create a very simple regular expression that grabbed all the markdown links in the email body.

$output = $this->content;

// this is to find urls in markdown links
$reg = "/\[[a-zA-Z0-9\-\_\.\s]+]\(([a-z0-9:\/\.\-\_]+)\)/"; 

preg_match_all($reg, $output, $matches);

Then I saved the URLs in a links table:

$links = collect($matches[1])->map(function ($url) use ($lead) {
  return Link::create([
    'campaign_id' => $this->id,
    'lead_id' => $lead->id,
    'target' => $url,
  ]);
});

After that I replaced all instances of the URL with a custom URL generated by the link IDs:

foreach ($links as $link) {
  $output = str_replace($link->target, $link->getCustomUrl(), $output);
}

When a recipient clicks the link we take them to the custom URL (in this case http://tracky.dev/links/{link_id}), which redirects them to the intended URL after incrementing a clicks column on the Link:

public function update(Link $link)
{
  // Atomic increment in the database, so concurrent clicks are not lost
  $link->increment('clicks');

  // The target comes from the stored Link row, not from the request
  return redirect($link->target);
}

And that is it.
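One caveat with the str_replace step: it swaps every occurrence of the target string, so a target that is a prefix of another URL in the body gets rewritten there too, and a URL that appears twice produces two rows for the same target. The sketch below is an added example, not code from the stream: plain PHP without Laravel, where the `rewriteLinks` helper and the `$store` array standing in for the links table are assumptions. It rewrites each markdown link in a single pass, reuses the ID for a repeated URL within one email, and only tracks http/https targets.

```php
<?php
// Added example: plain PHP, no Laravel. $store stands in for the links table
// (hypothetical); TRACK_BASE is the custom URL prefix mentioned in the post.
const TRACK_BASE = 'http://tracky.dev/links/';

function rewriteLinks(string $body, array &$store): string
{
    // Same shape as the post's pattern: [text](url). Group 1 is the
    // "[text](" prefix, group 2 the URL, so only the URL part is swapped.
    $reg = '/(\[[a-zA-Z0-9\-_.\s]+\]\()([a-z0-9:\/.\-_]+)(?=\))/';

    return preg_replace_callback($reg, function (array $m) use (&$store) {
        $url = $m[2];
        // Only track web links; mailto:, javascript: etc. stay untouched.
        if (!preg_match('#^https?://#', $url)) {
            return $m[0];
        }
        // One row per distinct target, so a repeated URL reuses its id.
        $id = array_search($url, $store, true);
        if ($id === false) {
            $id = count($store) + 1;
            $store[$id] = $url;
        }
        return $m[1] . TRACK_BASE . $id;
    }, $body);
}

// Constructed sample body: a prefix pair, a duplicate, a non-web scheme,
// and a bare URL outside any markdown link.
$body = "[Home](http://shop.example) and [Sale](http://shop.example/sale)\n"
      . "[Home again](http://shop.example) [Mail](mailto:x)\n"
      . "Plain text: http://shop.example/sale\n";

$store = [];
echo rewriteLinks($body, $store);
print_r($store);
```

Because the replacement happens at the match position, the bare URL on the last line and the longer `/sale` link are left intact rather than being partially rewritten.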

To Conclude

It was my first live stream so the video will not be public. But this is a basic overview of how I added the feature I wanted.

If you have any questions about this article you can hit me up on Twitter @sampodlogar