added ability to force JSON parameters as boolean #1164

Open
wants to merge 2 commits into
base: master

callightmn

Hello,

Currently, Evilginx only force-posts JSON parameter values as strings, but it may happen that the server expects values of a certain type only (boolean in my case). I added an optional type parameter in the force section of force_post to be able to later cast the injected value in SetJSONVariable.

For now, only booleans and strings (which is the default, so as not to break backward compatibility) are supported, but integers may be a good addition, for instance. The code should be relatively simple to patch to add new types:

  • add a switch case in SetJSONVariable and call the adequate method from strconv
  • add to the condition to support other values for *op_f.Type

Phishlet snippet:

  - path: '/api/users.login'
    search:
      - {key: 'token', search: '.*'}
    force:
      - {key: 'trusted', value: 'true', type: "boolean"}
    type: 'json'

Current and default behavior (without type or type: "string") - modified request (from Evilginx to remote site):

image

Expected behavior (with snippet above) - modified request (from Evilginx to remote site):

image
