Added Dropbox Phishlet

[charlesbel]

Fully working !

[ghost]

This doesn't work or at least isn't working anymore.

1. There are obvious JS checks that aren't replaced. The checks don't block login per se but may affect other things.

n.assertDropboxDomain = function (e) {
    var n = document.createElement('a');
    n.href = e;
    var t = n.hostname || window.location.hostname;
    if ( - 1 === t.indexOf('.dropbox.com', t.length - '.dropbox.com'.length)) throw new Error('Cannot send the CSRF token to ' + t)
  }
})),

2. Importing cookies doesn't result in getting a logged in session. This is because evilginx's cookies have a different sameSite value from what Dropbox is expecting. Real: "sameSite": "no_restriction",, evilginx: "sameSite": null,. This issue may be due to the JS checks which aren't properly cleared, but I don't know for certain.

[charlesbel]

Thanks @tomabel
According to what you said, I fixed it and now cookies works well. Some of the things you said weren't true, but you helped me thanks.

[ghost]

Thanks @tomabel
According to what you said, I fixed it and now cookies works well. Some of the things you said weren't true, but you helped me thanks.

Cheers. I didn't focus too deep into this to test out my claims when commenting. Removed the incorrect details. Glad to hear you got it working.