Add a feature to send caputed data to gophish.

[nairpaa]

Update parameter json from 'user_agent' to 'user-agent' to make gophish receive it (and export it).

[nairpaa]

Add a feature to send caputed data to gophish (Username, Password, and Token).

Need gophish update here.

[callightmn]

Hi there,

I got the same idea and made another set of PRs (for both evilginx and gophish) without realizing you already had the job done. Sorry about that, I just closed both (#1133 and kgretzky/gophish#3).

After discussing this (with Kuba himself), it would however be better to have this as an opt-in feature however to keep the default behavior of not exposing credentials to Gophish, which was done on purpose initially. Here's how I did to add the flag if you want to add to your PR: callightmn@bf9fb37.

PS: I can not do a PR on your repo since I already have a fork of Evilginx (strangely enough you cannot fork a fork of a repo you already forked... https://stackoverflow.com/questions/6675994/is-it-possible-to-fork-a-fork-in-github).

Cheers,

[callightmn]

Edit: Also I think you are missing session.CookieTokens, which holds the captured cookies. To have the legit cookies (not the verbatim captured ones), you can use (*Terminal).cookieTokensToJSON (see callightmn@bf9fb37#diff-b2dc582c2ddd0833db78227ddba6f9eeee5aab626125f33d93eb03062b530251R123). As a bonus, it will return a string you can directly add to your data.

[callightmn]

Hello again,

If alright with you, I merged your changes with mine and did a new PR for Evilginx, referencing your PR for Gophish.

I initially didn't wrap the session info into a single member which was not ideal because they are potentially many null fields (no body or http tokens, or custom parameters for instance) even when Evilginx sends its data to Gophish. In case the event is a click, the fields are just irrelevant so your ResultRequest was cleaner.