kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

HTTP Proxy Logic Could Be Improved For JSON Credential Harvesting #828

Closed fin3ss3g0d closed 1 year ago

fin3ss3g0d commented 1 year ago

Currently, in line 436 of core/http_proxy.go the logic checks if an HTTP request's Content-Type header matches application/json exactly before checking for submitted credentials. If this check fails, any checks for the credential regex will not be performed. This creates an issue for websites that, let's say, send application/json;charset=utf-8 as the Content-Type header in the request containing credentials. Below is the current code:

if contentType == "application/json" {
...
}

JSON credential harvesting could be expanded and applied to more use cases with the following check:

if strings.Contains(strings.ToLower(contentType), "application/json")  {
...
}

Or even the below to ensure it will never get missed:

if strings.Contains(strings.ToLower(contentType), "json")  {
...
}
M41KL-N41TT commented 1 year ago

761

Support-1535 commented 1 year ago

Hello! If you were already able to resolve your doubts and achieve your goals, close the issue so that we know which ones are pending.

Thank you!

fin3ss3g0d commented 1 year ago

This hasn't been resolved in the current code and impacts credential harvesting. If there is no plan to fix it or a refusal to, that can be stated here and this can be closed. Until then, this is still an open issue.

Support-1535 commented 1 year ago

If you want to suggest any changes in the code, you can open a pull request: https://github.com/kgretzky/evilginx2/pulls

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request

fin3ss3g0d commented 1 year ago

This issues section is so large that bots needed to be created for it smh. Just fix the code with a commit, it's one line that needs to be changed.