starred/evilginx2-kgretzky
1
0
Fork 0
mirror of https://github.com/kgretzky/evilginx2.git synced 2026-04-25 00:36:10 +03:00
Code Issues 87 Projects Releases 8 Packages Wiki Activity

[PR #1157] added abitlity to inject scripts in head or body #178

New issue
Open
opened 2026-02-26 02:31:30 +03:00 by kerem · 0 comments
kerem commented 2026-02-26 02:31:30 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/kgretzky/evilginx2/pull/1157
Author: @callightmn
Created: 1/19/2025
Status: 🔄 Open

Base: masterHead: feature/js_head

📝 Commits (2)

  • 2700c50 fix: inject script in head section to increase performances
  • 0ae165e added location parameter to inject in either 'head' or 'body' (default)

📊 Changes

2 files changed (+20 additions, -10 deletions)

View changed files

📝 core/http_proxy.go (+5 -5)
📝 core/phishlet.go (+15 -5)

📄 Description

Hi,

This PR adds the ability to inject JS scripts at the end of the <head> section instead of the <body> section, which may be useful to execute the script before the page finishes loading. For instance, recently, I tried to deactivate a button but since the page took quite some time to load completely, most users could still click on the button because my injected script had not yet been executed. The default behavior is still to inject at the bottom of the body section but I added an optional location parameter in js_inject to pick 'head' or 'body':

Phishlet snippet:

js_inject:
  - trigger_domains: ["akira.lab.evilginx.com"]
    trigger_paths: ["/"]
    location: "head"
    script: |
      function lp() {
        checkbox = document.querySelector("#rememberCheck");
        if (checkbox != null) {
          checkbox.checked = true;
          return;
        }
        setTimeout(lp, 100);
      }
      lp();

Injecting in head (location: 'head'):

image

Injecting in body (location: 'body' or no location):

image

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/kgretzky/evilginx2/pull/1157 **Author:** [@callightmn](https://github.com/callightmn) **Created:** 1/19/2025 **Status:** 🔄 Open **Base:** `master` ← **Head:** `feature/js_head` --- ### 📝 Commits (2) - [`2700c50`](https://github.com/kgretzky/evilginx2/commit/2700c50fbb23581ac0f8c09743c0be7652344219) fix: inject script in head section to increase performances - [`0ae165e`](https://github.com/kgretzky/evilginx2/commit/0ae165e2530d638b9d14990abde73a69e16e18f8) added `location` parameter to inject in either 'head' or 'body' (default) ### 📊 Changes **2 files changed** (+20 additions, -10 deletions) <details> <summary>View changed files</summary> 📝 `core/http_proxy.go` (+5 -5) 📝 `core/phishlet.go` (+15 -5) </details> ### 📄 Description Hi, This PR adds the ability to inject JS scripts at the end of the `<head>` section instead of the `<body>` section, which may be useful to execute the script before the page finishes loading. For instance, recently, I tried to deactivate a button but since the page took quite some time to load completely, most users could still click on the button because my injected script had not yet been executed. The default behavior is still to inject at the bottom of the body section but I added an optional `location` parameter in `js_inject` to pick 'head' or 'body': Phishlet snippet: ``` js_inject: - trigger_domains: ["akira.lab.evilginx.com"] trigger_paths: ["/"] location: "head" script: | function lp() { checkbox = document.querySelector("#rememberCheck"); if (checkbox != null) { checkbox.checked = true; return; } setTimeout(lp, 100); } lp(); ``` Injecting in head (`location: 'head'`): ![image](https://github.com/user-attachments/assets/5667ce95-90c5-405c-9e3f-4ca5db8dc88f) Injecting in body (`location: 'body'` or no location): ![image](https://github.com/user-attachments/assets/4269a4bc-46be-4978-9d77-91d043f8a36d) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/golang.org/x/net-0.7.0
dependabot/go_modules/github.com/tidwall/gjson-1.9.3
dependabot/go_modules/github.com/miekg/dns-1.1.25
dev
v3.3.0
v3.2.0
v3.1.0
v3.0.0
2.4.0
2.3.0
2.2.0
2.0.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/evilginx2-kgretzky#178
No description provided.