fin3ss3g0d / evilgophish

evilginx3 + gophish
MIT License

Remove EvilGinx2 IOC Header #47

Closed s1lvershad0w closed 1 year ago

s1lvershad0w commented 1 year ago

Current Behavior

Possible Solution

Remove setting this header: req.Header.Set(string(e), e_host) by deleting lines 613 to 617

Steps to Reproduce

  1. grep -in '0x88' .evilgophish/evilginx2/core/http_proxy.go
  2. Copy the header value from the above line no.

IOC

  1. Visit play.golang.org
  2. Decode the header value with the below Go function:

    package main

    import "fmt"

    func main() {
        // Obfuscated header name bytes copied from http_proxy.go
        hg := []byte{208, 165, 205, 254, 225, 228, 239, 225, 230, 240}

        // XOR each byte with the key 0x88 to recover the plaintext
        for n, b := range hg {
            hg[n] = b ^ 0x88
        }

        fmt.Println(string(hg))
    }

  3. Click "Run"
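
Added example (not part of the original issue, nor code from evilgophish or evilginx): a Go sketch of how a site on the receiving end of the proxied request could use this IOC, decoding the byte array quoted in the issue and rejecting any request that carries the resulting header. `decodeName`, `hasMarker`, `flagProxied`, `check` and the `/login` path are hypothetical names, and the sample requests are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Obfuscated header name and XOR key, copied from the issue above.
var obfuscated = []byte{208, 165, 205, 254, 225, 228, 239, 225, 230, 240}

const xorKey = 0x88

// decodeName XOR-decodes a copy of enc, leaving the input untouched.
func decodeName(enc []byte, key byte) string {
	out := make([]byte, len(enc))
	for i, b := range enc {
		out[i] = b ^ key
	}
	return string(out)
}

// hasMarker matches the header case-insensitively, even with an empty value.
func hasMarker(r *http.Request) bool {
	return len(r.Header.Values(decodeName(obfuscated, xorKey))) > 0
}

// flagProxied (hypothetical middleware) rejects requests carrying the marker.
func flagProxied(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasMarker(r) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// check sends one constructed request through the middleware, returns the status.
func check(name, value string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	req := httptest.NewRequest("GET", "/login", nil)
	req.Header.Set(name, value)
	rec := httptest.NewRecorder()
	flagProxied(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(check("User-Agent", "constructed"), check(decodeName(obfuscated, xorKey), "host.example"))
}
```

The check only matches builds that still set the header, so treat a hit as a high-confidence signal and a miss as no evidence either way.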

fin3ss3g0d commented 1 year ago

Good find, that's sneaky! FYI I did not write that.

s1lvershad0w commented 1 year ago

Thanks, and yes he is haha.

Got burnt bad on my last Op, did some digging and found this. Hopefully it helps others.

On Tue, 14 Mar, 2023, 7:07 pm Dylan Evans, @.***> wrote:

Good find. Original author is an asshole for leaving this in there.


fin3ss3g0d commented 1 year ago

Appreciate you pointing that out, it has been fixed in 186e8cfef5871c73d3dd553b9edb39ae24d06021