search

hash3liZer / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
GNU General Public License v3.0
101 stars 40 forks source link

Lures and Phishlets UI/UX Feature Suggestion #16

Open basebandit opened 3 years ago

basebandit commented 3 years ago

DO NOT ASK FOR PHISHLETS.

DO NOT ASK FOR HELP CREATING PHISHLETS.

DO NOT ASK TO FIX PHISHLETS.

DO NOT ADVERTISE OR TRY TO SELL PHISHLETS.

EXPECT A BAN OTHERWISE. THANK YOU!

REPORT ONLY BUGS OR FEATURE SUGGESTIONS.

I have a feature suggestion with regards to the UI/UX of the tool. I have noticed that previously we were used to using the phishlets command to set up phishlets including exposing them to the public. However with the previous release 2.3.0 codenamed phisherman's dream most of the phishlets commands were moved over to a new command called lures, however some of the key functionalities that were achieved with phishlets command still are and work well even with the lures command handling the same.

For example: when creating/assigning a hostname to a phishlet, you can use both lures edit <id> hostname <hostname> command as well as the good old phishlets hostname <phishlet> <hostname> command. However the hostname you assign using either of the commands is not transparent or visible to both of the commands for example. the hostname set using phishlets hostname <phishlet> <hostname> sub command is different from the hostname set by the lures edit <lure_id> hostname <hostname> subcommand, when ideally both should affect/manipulate the same hostname storage/variable. Am therefore suggesting to unify the ui/ux by separating the usages of both commands. Let phishlets commands be used for setting up phishlets like before (this includes changing hostnames and requesting for ssl certificates) and lures command be for creating/managing phishing links lures that are generated from the enabled phishlets, this way we can avoid confusion where both commands seem to achieve the same goal but in different ways. Attached here is a screenshot to elaborate further the above. phishlets_vs_lures_hostname Both commands set different hostnames for the same phishlet lures_hostname

JamesCullum commented 3 years ago

I see, it's a good point - didn't know the phishlets have this option. Anyone wants to take a shot?

basebandit commented 3 years ago

I will.