Open Lolozendev opened 2 months ago
There is custom optional header, see https://help.evilginx.com/docs/phishlet-format#credentials. I used it both user with TOTP and no MFA.
Maybe I didn't understand correctly but I thought if I add a custom header it would be a mandatory header, not an optional one.
No, it is not mandatory.
Wouldn't it be interesting to add a 'OR' type of search instead of 'AND' (optional key fields) , for example let's say my credentials fields looks like this in my phislet:
but sometime my user has a 2fa or a pin I wanna capture and that depends if he has enabled the 2fa/pin feature. maybe it could be interesting to add some keys/field that can be optionality present and captured if they exist
credentials wouldn't be the only field that would benefits from this feature.