hash3liZer / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
GNU General Public License v3.0
101 stars 40 forks

List and Search Blacklist IP Addresses #18

Open basebandit opened 3 years ago

basebandit commented 3 years ago

This PR adds three features to the blacklist command. One can now:

JamesCullum commented 3 years ago

Is it finished and tested? Can you add tests for all new commands?

Please also make sure that all checks pass.

basebandit commented 3 years ago

> Is it finished and tested? Can you add tests for all new commands?
>
> Please also make sure that all checks pass.

Sure will do.

basebandit commented 3 years ago

Let me add tests for the new blacklist features. Had tested them manually. Oops!

JamesCullum commented 3 years ago

This condition is a bit useless: `test.assertLogContains("", "Can list blacklisted ips") //we expect none at first since blacklist mode is off`

Also keep in mind that you need to clear the log for assertions, if they could potentially be contained in previous responses.

As this test does not require the login flow, can you put it in a different test case, so that it can potentially be run in parallel? Would be great if you could as well add a test case that checks if the blacklist actually blocks a user (eg blocking localhost, surfing and verifying that the connection fails, then unblocking and trying again).
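The block-then-unblock check asked for above, as an added example that is not part of this PR or of evilginx2's own code: a hypothetical `Blocklist` type with list, search, add and remove operations (single addresses and CIDR ranges), an HTTP middleware that rejects blocked clients, and a `ProbeStatus` helper that starts a loopback test server and reports the status a client gets. Blocking `127.0.0.1` makes the probe return 403, removing it makes it return 200 again. Results come back as return values rather than log lines, which sidesteps the stale-log problem mentioned in the review. The type, function and method names are assumptions chosen for this example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
	"sync"
)

// Blocklist is a hypothetical, concurrency-safe IP blocklist (example code,
// not evilginx2's implementation). Entries are stored as CIDR networks.
type Blocklist struct {
	mu      sync.RWMutex
	enabled bool
	nets    map[string]*net.IPNet
}

func NewBlocklist() *Blocklist { return &Blocklist{nets: map[string]*net.IPNet{}} }

// Enable turns blocking on or off; entries are kept either way.
func (b *Blocklist) Enable(on bool) { b.mu.Lock(); b.enabled = on; b.mu.Unlock() }

// normalize turns "10.0.0.1" into "10.0.0.1/32" (or /128 for IPv6) and
// validates CIDR input such as "10.0.0.0/8".
func normalize(entry string) (*net.IPNet, error) {
	if !strings.Contains(entry, "/") {
		ip := net.ParseIP(entry)
		if ip == nil {
			return nil, fmt.Errorf("invalid ip: %q", entry)
		}
		if ip.To4() != nil {
			entry += "/32"
		} else {
			entry += "/128"
		}
	}
	_, n, err := net.ParseCIDR(entry)
	return n, err
}

func (b *Blocklist) Add(entry string) error {
	n, err := normalize(entry)
	if err != nil {
		return err
	}
	b.mu.Lock()
	b.nets[n.String()] = n
	b.mu.Unlock()
	return nil
}

// Remove reports whether the entry was present.
func (b *Blocklist) Remove(entry string) bool {
	n, err := normalize(entry)
	if err != nil {
		return false
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	_, ok := b.nets[n.String()]
	delete(b.nets, n.String())
	return ok
}

// List returns all entries in sorted order.
func (b *Blocklist) List() []string {
	b.mu.RLock()
	defer b.mu.RUnlock()
	out := make([]string, 0, len(b.nets))
	for k := range b.nets {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// Search returns entries whose text contains q (simple substring match).
func (b *Blocklist) Search(q string) []string {
	var out []string
	for _, e := range b.List() {
		if strings.Contains(e, q) {
			out = append(out, e)
		}
	}
	return out
}

// Blocked is true when blocking is enabled and ip falls in any entry.
// An unparsable address is treated as blocked (fail closed).
func (b *Blocklist) Blocked(ipStr string) bool {
	b.mu.RLock()
	defer b.mu.RUnlock()
	if !b.enabled {
		return false
	}
	ip := net.ParseIP(ipStr)
	if ip == nil {
		return true
	}
	for _, n := range b.nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Middleware answers 403 to blocked clients and passes everyone else on.
func (b *Blocklist) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil {
			host = r.RemoteAddr
		}
		if b.Blocked(host) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// ProbeStatus starts a loopback test server behind the middleware and
// returns the HTTP status a local client receives.
func ProbeStatus(b *Blocklist) (int, error) {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	srv := httptest.NewServer(b.Middleware(ok))
	defer srv.Close()
	resp, err := http.Get(srv.URL)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	b := NewBlocklist()
	_ = b.Add("127.0.0.1")
	b.Enable(true)
	code, _ := ProbeStatus(b)
	fmt.Println("blocked:", code) // 403
	b.Remove("127.0.0.1")
	code, _ = ProbeStatus(b)
	fmt.Println("unblocked:", code) // 200
}
```

The probe works because `httptest.NewServer` listens on the loopback address, so the client's `RemoteAddr` is `127.0.0.1:<port>`; the same pattern can be run as an independent test case since it needs no login flow.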

basebandit commented 3 years ago

> This condition is a bit useless: `test.assertLogContains("", "Can list blacklisted ips") //we expect none at first since blacklist mode is off`
>
> Also keep in mind that you need to clear the log for assertions, if they could potentially be contained in previous responses.
>
> As this test does not require the login flow, can you put it in a different test case, so that it can potentially be run in parallel? Would be great if you could as well add a test case that checks if the blacklist actually blocks a user (eg blocking localhost, surfing and verifying that the connection fails, then unblocking and trying again).

Found this error today when running the tests. I am not sure about the username; earlier the tests were passing, but after testing for the third time in a row this came up: invalid_login. I have logged the contents of the response body.

JamesCullum commented 3 years ago

Looks like it should pass - maybe that's due to some local constraints?