starred/evilginx2-kgretzky
1
0
Fork 0
mirror of https://github.com/kgretzky/evilginx2.git synced 2026-04-25 00:36:10 +03:00
Code Issues 87 Projects Releases 8 Packages Wiki Activity

[PR #1164] added ability to force JSON parameters as boolean #183

New issue
Open
opened 2026-02-26 02:31:31 +03:00 by kerem · 0 comments
kerem commented 2026-02-26 02:31:31 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/kgretzky/evilginx2/pull/1164
Author: @callightmn
Created: 2/7/2025
Status: 🔄 Open

Base: masterHead: feature/force_json_tp

📝 Commits (2)

  • f09c8f9 added ability to force_post JSON parameters as boolean
  • 3f98214 fix: check type when forcing JSON parameter

📊 Changes

2 files changed (+49 additions, -29 deletions)

View changed files

📝 core/http_proxy.go (+35 -27)
📝 core/phishlet.go (+14 -2)

📄 Description

Hello,

Currently, Evilginx only force posts JSON parameter values as string but it may happen that the server expects values of a certain type only (boolean in my case). I added an optional type parameter in the force section of force_post to be able to later cast the injected value in SetJSONVariable.

For now, only booleans and strings (which is the default not to break backward compatibility) are supported but integers may be a good addition for instance. The code should be relatively simple to patch to add new types:

  • add a switch case in SetJSONVariable and call the adequate method from strconv
  • add to the condition to support other values for *op_f.Type

Phishlet snippet:

  - path: '/api/users.login'
    search:
      - {key: 'token', search: '.*'}
    force:
      - {key: 'trusted', value: 'true', type: "boolean"}
    type: 'json'

Current and default behavior (without type or type: "string") - modified request (from Evilginx to remote site):

image

Expected behavior (with snippet above) - modified request (from Evilginx to remote site):

image

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/kgretzky/evilginx2/pull/1164 **Author:** [@callightmn](https://github.com/callightmn) **Created:** 2/7/2025 **Status:** 🔄 Open **Base:** `master` ← **Head:** `feature/force_json_tp` --- ### 📝 Commits (2) - [`f09c8f9`](https://github.com/kgretzky/evilginx2/commit/f09c8f95d5d6b1e49b4e4dc9c161c4936c4f265e) added ability to force_post JSON parameters as boolean - [`3f98214`](https://github.com/kgretzky/evilginx2/commit/3f9821491d97bc1b37907e91f1f5ac7fdf316fc0) fix: check type when forcing JSON parameter ### 📊 Changes **2 files changed** (+49 additions, -29 deletions) <details> <summary>View changed files</summary> 📝 `core/http_proxy.go` (+35 -27) 📝 `core/phishlet.go` (+14 -2) </details> ### 📄 Description Hello, Currently, Evilginx only force posts JSON parameter values as string but it may happen that the server expects values of a certain type only (boolean in my case). I added an optional `type` parameter in the `force` section of `force_post` to be able to later cast the injected value in `SetJSONVariable`. For now, only booleans and strings (which is the default not to break backward compatibility) are supported but integers may be a good addition for instance. The code should be relatively simple to patch to add new types: - add a switch case in `SetJSONVariable` and call the adequate method from strconv - add to the condition to support other values for `*op_f.Type` Phishlet snippet: ``` - path: '/api/users.login' search: - {key: 'token', search: '.*'} force: - {key: 'trusted', value: 'true', type: "boolean"} type: 'json' ``` Current and default behavior (without `type` or `type: "string"`) - modified request (from Evilginx to remote site): <img width="1337" alt="image" src="https://github.com/user-attachments/assets/5184d8cc-b2be-4e04-ab76-fa5630f2cd57" /><br> Expected behavior (with snippet above) - modified request (from Evilginx to remote site): <img width="1349" alt="image" src="https://github.com/user-attachments/assets/46b91c75-4b63-4f09-ba40-4f41715e2cfb" /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/golang.org/x/net-0.7.0
dependabot/go_modules/github.com/tidwall/gjson-1.9.3
dependabot/go_modules/github.com/miekg/dns-1.1.25
dev
v3.3.0
v3.2.0
v3.1.0
v3.0.0
2.4.0
2.3.0
2.2.0
2.0.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/evilginx2-kgretzky#183
No description provided.