Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
This feature adds the ability to define phishlet-specific redirect URLs in the phishlet's .yaml file.
If a phishlet-specific redirect URL is available for the current request's host it will supersede the global redirect URL.
Redirect URLs continue to work as normal otherwise.
When running multiple campaigns or phishlets it may be useful to have the ability to present different redirect pages for unauthorized requests. Presenting different redirect_url pages may help with limiting the association of the redirect_url page for one phishlet with the overall campaign.
This feature was built into the core/http_proxy.go/blockRequest() function as to modify as little as possible.
The core/phishlets.go file was modified to accept a new variable from the phishlet.yaml configuration.
struct Phishlet
struct ConfigPhishlet
func Clear
func LoadFromFile
The phishlets/example.yaml was also modified to include "example.com" as the example for the redirect_url parameter.
Linked to feature request #915
Test Cases:
note: this was tested against the master branch July 23rd
This feature adds the ability to define phishlet-specific redirect URLs in the phishlet's
.yaml
file. If a phishlet-specific redirect URL is available for the current request's host it will supersede the global redirect URL.Redirect URLs continue to work as normal otherwise.
When running multiple campaigns or phishlets it may be useful to have the ability to present different redirect pages for unauthorized requests. Presenting different
redirect_url
pages may help with limiting the association of theredirect_url
page for one phishlet with the overall campaign.This feature was built into the
core/http_proxy.go/blockRequest()
function as to modify as little as possible.The
core/phishlets.go
file was modified to accept a new variable from thephishlet.yaml
configuration.The
phishlets/example.yaml
was also modified to include "example.com" as the example for theredirect_url
parameter.Linked to feature request #915
Test Cases:
note: this was tested against the master branch July 23rd