evilginx2 icon indicating copy to clipboard operation
evilginx2 copied to clipboard
verified publisher icon kgretzky

[Feature suggestion] Would it be interesting to add a optional key field ?

Open Lolozendev opened this issue 1 year ago • 3 comments

Wouldn't it be interesting to add a 'OR' type of search instead of 'AND' (optional key fields) , for example let's say my credentials fields looks like this in my phislet:

credentials:
  username:
    key: 'login'
    search: '(.*)'
    type: 'post'
  password:
    key: 'password'
    search: '(.*)'
    type: 'post'

but sometime my user has a 2fa or a pin I wanna capture and that depends if he has enabled the 2fa/pin feature. maybe it could be interesting to add some keys/field that can be optionality present and captured if they exist

credentials:
  username:
    key: 'login'
    search: '(.*)'
    type: 'post'
  password:
    key: 'password'
    search: '(.*)'
    type: 'post'
  custom:
    - key: 'otp' #present only if the user as the 2fa enabled
      search: '(.*)'
      type: 'post'
      optional: True # specify that on request this argument maybe not exist and captures it only if it does

credentials wouldn't be the only field that would benefits from this feature.

Lolozendev avatar Apr 08 '24 10:04 Lolozendev

There is custom optional header, see https://help.evilginx.com/docs/phishlet-format#credentials. I used it both user with TOTP and no MFA.

matejsmycka avatar Apr 11 '24 13:04 matejsmycka

Maybe I didn't understand correctly but I thought if I add a custom header it would be a mandatory header, not an optional one.

Lolozendev avatar Apr 12 '24 09:04 Lolozendev

No, it is not mandatory.

matejsmycka avatar Apr 12 '24 20:04 matejsmycka