Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
This feature adds the ability to define phishlet-specific redirect URLs in the phishlet's .yaml file.
If a phishlet-specific redirect URL is available for the current request's host, it will supersede the global redirect URL.
Redirect URLs continue to work as normal otherwise.
When running multiple campaigns or phishlets, it may be useful to have the ability to present different redirect pages for unauthorized requests. Presenting different redirect_url pages may help with limiting the association of the redirect_url page for one phishlet with the overall campaign.
This feature was built into the core/http_proxy.go/blockRequest() function so as to modify as little as possible.
The core/phishlets.go file was modified to accept a new variable from the phishlet .yaml configuration.
struct Phishlet
struct ConfigPhishlet
func Clear
func LoadFromFile
The phishlets/example.yaml was also modified to include "https://example.com" as the example for the redirect_url parameter.
Linked to feature request #915
Test Cases: