Added config flag to send captured credentials to Gophish

[callightmn]

Hello there,

By default, Evilginx does not send session information to Gophish. This is on purpose not to expose credentials and keep them in Evilginx only. Nevertheless, having credentials readily available in Gophish could be a nice feature to have everything in the dashboard, provided Gophish's admin interface is properly secured (behind a firewall for instance). I made it an opt-in feature to keep the default behavior.

Default behavior (or after config gophish sessions false in Evilginx' terminal):

After config gophish sessions true in Evilginx' terminal:

The feature takes into account all three types of credentials (username, password and custom) and all three types of auth_tokens (cookies, body and HTTP tokens).

NB: Actually displaying session info in Gophish requires the ability for Gophish to receive session information (see kgretzky/gophish#1). The Gophish update was done by @nairpaa, who also did a similar update for Evilginx but without the opt-in and not supporting cookie tokens. I merged his changes with mine as he wrapped the session info into a single generic data member, which is cleaner on the wire (instead of having potentially null members, unrelated to the event being sent by Evilginx).

[callightmn]

Update: linked to kgretzky/gophish#4, which adds a /session endpoint to Gophish and a "Captured Sessions" chart, and no longer to kgretzky/gophish#1. Credentials are also sent as they are captured, not waiting for the whole session to be completely captured (session tokens are however sent only when the session is fully captured: either authorization URL or all tokens intercepted).