You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature: TLS certificates from LetsEncrypt will now get automatically renewed.
Feature: Automated retrieval and renewal of LetsEncrypt TLS certificates is now managed by certmagic library.
Feature: Authentication tokens can now be captured not only from cookies, but also from response body and HTTP headers.
Feature: Phishing pages can now be embedded inside of iframes.
Feature: Changed redirection after successful session capture from Location header redirection to injected Javascript redirection.
Feature: Changed config file from config.yaml to config.json, permanently changing the configuration format to JSON.
Feature: Changed open-source license from GPL to BSD-3.
Feature: Added always modifier for capturing authentication cookies, forcing to capture a cookie even if it has no expiration time.
Feature: Added phishlet <phishlet> command to show details of a specific phishlet.
Feature: Added phishlet templates, allowing to create child phishlets with custom parameters like pre-configured subdomain or domain. Parameters can be defined anywhere in the phishlet file as {param_name} and every occurence will be replaced with pre-configured parameter values of the created child phishlet.
Feature: Added phishlet create command to create child phishlets from template phishlets.
Feature: Renamed lure templates to lure redirectors due to name conflict with phishlet templates.
Feature: Added {orig_hostname} and {orig_domain} support for sub_filters phishlet setting.
Feature: Added {basedomain} and {basedomain_regexp} support for sub_filters phishlet setting.
Fixed: One target can now have multiple phishing sessions active for several different phishlets.
Fixed: Cookie capture from HTTP packet response will not stop mid-term, ignoring missing opt cookies, when all authentication cookies are already captured.
Fixed: trigger_paths regexp will now match a full string instead of triggering true when just part of it is detected in URL path.
Fixed: Phishlet table rows are now sorted alphabetically.
Fixed: Improved phishing session management to always create a new session when lure URL is hit if session cookie is not present, even when IP whitelist is set.
Fixed: WebSocket connections are now properly proxied.
