forked from kgretzky/evilginx2
-
Notifications
You must be signed in to change notification settings - Fork 36
/
CHANGELOG
33 lines (28 loc) · 2.05 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
2.3.3
- Fixed: Multiple concurrent map writes when whitelisting IPs during heavy loads.
2.3.2
- ACMEv2 support added to comply with LetsEncrypt requirements.
- Fixed session cookie output to support EditThisCookie on the latest Chrome version.
- Increased timeouts for proxying HTTP packets to 45 seconds.
- Added support for Go modules.
2.3.1
- Redirection is now triggered only for responses with `text/html` content-type header.
2.3.0
- Proxy can now create most of required `sub_filters` on its own, making it much easier to create new phishlets.
- Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (`help lures` for more info).
- Added OpenGraph settings for lures, allowing to create enticing content for link previews.
- Added ability to inject custom Javascript into proxied pages.
- Injected Javascript can be customized with values of custom parameters, specified in lure options.
- Deprecated `landing_path` and replaced it with `login` section, which contains the domain and path for website's login page.
2.2.1
- Fixed: `type` with value `json` was not correctly activated when set under `credentials`.
2.2.0
- Now when any of `auth_urls` is triggered, the redirection will take place AFTER response cookies for that request are captured.
- Regular expression groups working with `sub_filters`.
- Phishlets are now listed in a table.
- Restructured phishlet YAML config file to be easier to understand (phishlets from previous versions need to be updated to new format).
- Phishlet fields are now selectively lowercased and validated upon loading to prevent surprises.
- All search fields in the phishlet are now regular expressions by default (remember about proper escaping!).
- Added option to capture custom POST arguments additionally to credentials. Check `custom` field under `credentials`.
- Added feature to inject custom POST arguments to requests. Useful when forcing users to tick that "Remember me" checkbox.
- Removed 'name' variable from phishlets. Phishlet name is now determined solely based on the filename.