Problem with Cookie and DNT headers

[physics-sec]

PLEASE READ THE POSTING GUIDELINES AND ANSWER THE QUESTION BEFORE POSTING, OTHERWISE ISSUE WILL BE CLOSED AND MARKED AS INVALID

• I hereby declare the following issue is a [tool specific question/bug report] and it is NOT a help request about creating a phishlet.
• I am fully aware that this is not a customer support portal, I can't demand answers and I'm aware I am using a free tool.
• I am not going to use Evilginx to hax my girlfriend's account or use it for any other illegal purpose.
• I am not trying to set up a domain on FreeNOM (also read the sentence above again).
• I am not a robot. (Sorry, if you are an adult and a professional and you had to read this.)

Please type in "I CONFIRM" below if you confirm the sentences above or otherwise make some funny remark:

I CONFIRM

Thanks!

Hi! When a request is sent without cookies, the Cookie header is sent anyways with no cookies. Also, the DNT (Do Not Track) header is not capitalized correctly. Example:

GET /bar HTTP/1.1
Host: foo.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie: 
Dnt: 1

The above request should look like this:

GET /bar HTTP/1.1
Host: foo.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
DNT: 1

Thanks!

[hash3liZer]

So, the Cookie header is sent anyways?

[physics-sec]

Yep, even if it is the first request and there are no cookies saved for that domain

[hash3liZer]

Ok, on it.

[MikeTrust]

Send me a message on Whatapp I will solve the issue +1 469-214-5180

[JamesCullum]

@physics-sp Can you use the latest version and retry if this fixes the issue?

The DNT header is not managed by the tool, so I will need to know more details (eg which website are you proxying) to see what exactly is the reason.

EDIT: Saw that you investigated and reported the DNT one as out-of-scope here

[physics-sec]

Yep, turns out that the capitalization thing is an "issue" with the proxy library, so there is not much to do about it I will test the Cookie thing and let you know.

[physics-sec]

Well, I'm kinda confused The Cookie header is no longer sent empty (so, is fixed?) The thing is that a cookie named aczP is sent in every request to the phihsing domin (and subdomains), which is set in the first request (to the lure url) Not sure what this cookie is used for, I don't see it in the real page.

[JamesCullum]

Hey physics,

great to hear that it's solved now. Evilginx creates session cookies to make sure that you are a visitor coming from a lure URL and not unauthorized. The name looks like this could be the randomly chosen name.

[physics-sec]

ooh ok, that makes sense, great then 😃