Request interception and HTTP token capture

This PR contains two quick fixes regarding request interception and HTTP token capture.

Request interception:

Likely a regression introduced by e3bef94, as the value of req.Host does not contain the phishing hostname anymore at the new location but holds the legitimate one. As a result, the comparison fails and the request is not intercepted.

HTTP token capture:

The header is indeed captured in the request (e,g,. Authorization header). I just added the check on the domain and path specified in the phishlet (v.domain and v.path).

PreviousConfig FLAG to send captured credentials to GoPHISH NextSet CUSTOM User-Agent for PHISHLETs

Last updated 9 months ago

Was this helpful?