added ability to force JSON parameters as boolean #1164

Open
callightmn wants to merge 2 commits into kgretzky:master from vaadata:feature/force_json_tp

@callightmn

Hello,

Currently, Evilginx only force-posts JSON parameter values as strings, but it may happen that the server expects values of a certain type only (boolean in my case). I added an optional type parameter in the force section of force_post to be able to later cast the injected value in SetJSONVariable.

For now, only booleans and strings (which is the default, so as not to break backward compatibility) are supported, but integers may be a good addition, for instance. The code should be relatively simple to patch to add new types:

  • add a switch case in SetJSONVariable and call the adequate method from strconv
  • add to the condition to support other values for *op_f.Type

Phishlet snippet:

  - path: '/api/users.login'
    search:
      - {key: 'token', search: '.*'}
    force:
      - {key: 'trusted', value: 'true', type: "boolean"}
    type: 'json'

Current and default behavior (without type or type: "string") - modified request (from Evilginx to remote site):

image

Expected behavior (with snippet above) - modified request (from Evilginx to remote site):

image

@matejsmycka

Hi, could you also open a pull request to our fork at https://github.com/CSIRT-MU/evilginx2? I’m not sure if the maintainer is actively updating this version.