Unable to redirect post token capture

[srikwit]

I have provided the request URL as "/test" to redirect to in my config.

I am able to trigger the redirect from the authorization tokens but end up in an loop with the messages: unauthorized request redirection URL set to: "subdomain.domain.com/test"

The page never redirects and I am stuck at the post authentication page.

I have reused the existing sub filters:

  - {triggers_on: 'subdomain.domain.com', orig_sub: 'subdomain', domain: 'domain.com', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true }
  - {triggers_on: 'subdomain.domain.com', orig_sub: 'subdomain', domain: 'domain.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'] }
  - {triggers_on: 'subdomain.domain.com', orig_sub: 'subdomain', domain: 'domain.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript'] } 

and my proxy_hosts are as follows: {phish_sub: 'subdomain', orig_sub: 'subdomain', domain: 'domain.com', session: true, is_landing: true}

Kindly suggest how I can fix this issue.

[kgretzky]

Did you generate the phishing link with phishlets get-url phishlet_name? You may be opening a non-tokenized link, which redirects you to unauthorized redirection, which is a security measure.

[srikwit]

Yes, the phishlet has been generated using the command: phishlets get-url phishlet_name https://subdomain.domain.com/path

I use the URL generated after this step. Please let me know if I can provide additional data.

[kgretzky]

I think the issue is with redirecting to the URL that will automatically be replaced with a phishing URL and that's why you get the redirection loop. Try to set the redirect URL to something not related to the site you are phishing.