Capture credentials in multipart/form-data

This PR adds support for:

  • Capture credentials in multipart POST requests (with type: 'post/multipart' in credentials section)

  • Fix: Prevent conflicts between captured credentials of different types with the same name (matching the same regex/key)

  • Patch URL (from phishing to original)

  • Force parameters (with type: 'post/multipart' in force_post section)

  • Proxy incoming files (if any, even though it may not be useful in proxying login requests)

Capture creds:

Phishlet section:

credentials:
  username:
    key: 'email'
    search: '(.*)'
    type: 'post/multipart'
  password:
    key: 'code'
    search: '(.*)'
    type: 'post/multipart'

Request:

Evilginx:

NB: As said above, incoming phishing URLs will be converted to original/legitimate ones similarly to what is done for regular POST requests (application/x-www-form-urlencoded). Files (if any) are also proxied. The resulting Content-Length is computed by creating a new multipart body (with the same boundary).

Force parameters:

Phishlet section:

force_post:
  - path: '/api/signup.checkEmail'
    search:
      - {key: 'email', search: '.*'}
    force:
      - {key: 'email', value: '[email protected]'}
    type: 'post/multipart'

Incoming request (sent by the browser to Evilginx through Burp):

Outgoing request (sent by Evilginx to the original site through Burp):

NB: Parameter names for files can be used as a search key, but the value will be ignored.
