session.go - allow all keys to be optional for a domain

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

BSD 3-Clause "New" or "Revised" License

10.62k stars 1.92k forks source link

session.go - allow all keys to be optional for a domain #730

Open bigbael opened 2 years ago

bigbael commented 2 years ago

Allow all keys to be optional for a target domain and allow a complete session to be detected. For example, using the following configuration snippet in a phishlet with other required auth_tokens:

domain: 'login.example.com' keys: ['key,opt']

ssl-user-en commented 2 years ago

doesn't work with google. I tried compiling the code. Doesn't capture any cookies.

bigbael commented 2 years ago

What was your phishlet configuration? I don't want to troubleshoot the phishlet, however, would like to ensure the code changes work in all valid configurations.