Closed peaillaud closed 4 years ago
change your subfilters like e.g. search: 'https://{hostname}/signin/', replace: 'https://{hostname}/signin/' it will solve your problem.
Or try and build your own phishlet from scratch
change your subfilters like e.g. search: 'https://{hostname}/signin/', replace: 'https://{hostname}/signin/' it will solve your problem.
Where are the changes between the search and the replace ?
@aillaudpe replace
@Anonymoushawk that's exactly where I thought the issue was last week, I tried replacing it with various strings but never got pass that. It's either loading or it's not even going to load at all for me
Login path... Check that
Login path... Check that
I checked Google Chrome console and it would come from a problem from a request to play.google.com (play.{hostname}.com with custom dns) but yet it should work because the hosts for the google phishlet include play.google.com... I don't get it
And sorry for my bad english
Open Google login page in your browser and copy the url then replace with what you have in your phishlet under the login path section
Same, I checked in burp, replaced the login with every url that was captured and yet still no luck lol. I don't know what else is there or not. The only extra url I see there is youtube check, but that shouldn't have any effect on it
@An0nUD4Y Same thing again.
@peaillaud @horllste @petr209 @Anonymoushawk The Issue originates from the internal javascript which is used to make request on the fly while signing in. It's not related to play.google.com
. I've fixed those console errors regarding play.google.com
. But the actual issue is when the AJAX request is made with a different payload. The payload from the original site and from the proxied site is way too much different. The request would work fine when payload from the original request is used. So, that's where the problem is. The javascript part is highly obfuscated at the point. If you have any further solutions on this, open up a new issue.
Please , google phishlets don't work for me.any update of that.thanks.
Hi, I am using your Google phishlet. It works pefectly but there is a problem : I can enter my phishing website without any issue, but when I enter my Google username and I click on "next", the page where I am supposed to enter my password doesn't load... Like that : The blue line loads again and again... My VPS is located in the USA. Can someone help me ? Thank you