Enhancement: cookie in admin panel about modlishka HOT 13 CLOSED

thanks, happy to hear that :-)

this is something that I am working on (also testing different approaches), since capturing a precise state of the cookie jar for the whole domain isn't that easy. At the moment you can rely on cookies that are written to the logfile and I will soon add an option to get a them through the control panel.

from modlishka.

If I'm being rational:

1. Phish domain > control panel > copy all cookies from origin in JSON
2. Replace cookies for origin application with those on clip board
3. Access origin application in context of affected user

However, I may be oversimplifying this @drk1wi. Unsure as what the members that are required for the JSON object to be imported.

I'm going to get cracking at GO as soon as I get all my projects written up so that I can contribute instead of theorizing. Modlishka has helped make my reports longer due to success ;)

from modlishka.

Unsure. Haven't had a chance to peek at the code yet. I suspect it'll be a change to the control panel plugin, assuming it accesses the DB directly.

from modlishka.

Hi,
It would be useful to make a text substitution module on the fly. For example, on a phishing domain, you need to replace the text phrase with your own. Or a series of phrases. For convenience, one could use the file (or in the module body itself) to enter a list of replacements.
"word that needs to be replaced": "new word"

from modlishka.

@ciberx this is already implemented. check out the https://github.com/drk1wi/Modlishka/wiki/How-to-use (rules parameter)

from modlishka.

It would be awesome if there were a button in the control panel to copy all cookies to the clipboard in JSON format to support easy session hijacking via browser extensions like CookieBro.

from modlishka.

@Arch4ngel that's an interesting option, but through the phishing domain or the target one?

from modlishka.

@Arch4ngel you want to import cookies like the evilginx?

from modlishka.

@CyberTheReape yes, quite like EG2.

from modlishka.

İ did try with cookies , i did not do it..

But if you edit cookies like the evilginix , maybe you can import it...

from modlishka.

It would be great if the cookies were on the panel.or download link will appear in the panel and it would be great to download and import the json file

from modlishka.

Definitely doable. I can add a JSON download option for each user (format would be based on the CookieJar struct? - would that be useful?)

At the moment cookies are retrieved from the 'set-cookie' HTTP responses (that's also the reason why it is labeled as 'beta'), but if we want to have a precise snapshot of the browsers cookie jar, we could also update the relevant UUID cookie jar entries based on HTTP requests (in case there's a cookie that was created via a JS).

from modlishka.

I don't know exactly..
because each program's import properties are different.need to specify a program to import cookies before.then you should try to set cookies according to the program you selected.Cookie programs that can work with the .json extension..

from modlishka.