search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.23k stars 1.87k forks source link

added support for force_post for json parameters #1023

Closed yudasm closed 3 months ago

yudasm commented 3 months ago

Added support for force_post for json parameters (supported only regular http parameters)

Useful for intercepting requests to URLs such as /common/GetCredentialType which are used to initiate Windows Hello for Business auth flow Blog post will be published soon on this subject

The following force_post section can now alter the API post request and modify it on the fly, something that could not be done beforehand due to limitations with modifications of JSON params.

  - path: '/common/GetCredentialType'
    search:
      - {key: 'isFidoSupported', search: '.*'}
    force:
      - {key: 'isFidoSupported', value: 'false'}
    type: 'post'
kgretzky commented 3 months ago

Thank you, Yehuda! This is an amazing addition and for sure a feature that has been missing for too long!