Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Add the ability to find and replace a value inside the force_post key-pair.
This would work in the following way:
First, look for a key-value pair in the POST request body. If a match is found, then look for a particular string pattern inside the value of the key-pair. If the search string is found inside the value, replace only the part of the data that matches - otherwise operate as normal and replace the entire key-value pair.
Hopefully that makes sense. Let me know if any clarification is needed.
path (regexp): Regular expression to match the URL path the intercepted POST request will be sent to.
search: Trigger POST arguments. ALL of the defined here POST arguments must be present in the POST request, for the POST arguments to be inserted or replaced.
key (regexp): Regular expression to match the POST argument key.
search (regexp): Regular expression to match the POST argument value.
force: List of POST arguments to insert or replace in intercepted POST request.
key (string): Name of the POST argument.
search (regexp): Regular expression to match the value inside the specified key.
value (string): Value of the POST argument.
type (string): Type of the POST request to handle. Currently only post is supported.
Add the ability to find and replace a value inside the force_post key-pair.
This would work in the following way:
First, look for a key-value pair in the POST request body. If a match is found, then look for a particular string pattern inside the value of the key-pair. If the search string is found inside the value, replace only the part of the data that matches - otherwise operate as normal and replace the entire key-value pair.
Hopefully that makes sense. Let me know if any clarification is needed.
Documentation that needs to be updated: