StratoMusic
commented
5 years ago same error, server is in fr, dont know if thats an issue
Open EvilAdcid opened 5 years ago
StratoMusic
commented
5 years ago same error, server is in fr, dont know if thats an issue
JSheadache
commented
5 years ago When testing with master branch of evilginx2 and google.yaml by @ewhit I am able to get as far as username and password, however Google returns an error, "You are trying to sign in from a browser or app that doesn't allow us to keep your account secure.”
I tried this branch and phishlet out in hopes that the features would mitigate this issue. However I observed something similar to others in this post. The browser became 'stuck' and
POST /jserror HTTP/1.1
Host: accounts-google.com.
If anyone is interested to compare notes, you can drop me a line at zoomdeveloper@protonmail.com
Fummowo
commented
4 years ago When testing with master branch of evilginx2 and google.yaml by @ewhit I am able to get as far as username and password, however Google returns an error, "You are trying to sign in from a browser or app that doesn't allow us to keep your account secure.”
I tried this branch and phishlet out in hopes that the features would mitigate this issue. However I observed something similar to others in this post. The browser became 'stuck' and
POST /jserror HTTP/1.1 Host: accounts-google.com.
If anyone is interested to compare notes, you can drop me a line at zoomdeveloper@protonmail.com
I believe that you only get this error when using Google Chrome. From my testing, I can enter information on another browser such as edge without it detecting anything unusual.
Fummowo
commented
4 years ago Nevermind, i've just tried out @ewhit's version and although it grabs the username and password, whatever browser you are on, google manages to detect it and will not sign you in, meaning you don't receive a cookie.
horllste
commented
4 years ago That’s normal, study js bypass and you should be able to get pass it
petr209
commented
4 years ago I have the same issue, and I was tinkering around and found out that the problem is here : replace: 'accounts-google.com.{domain}',
I tried to change the accounts-google.com to many different strings and then it would go to the next page saying sorry your browser is not secure
horllste
commented
4 years ago You have to bypass js, read the other related issues
When I enter an account name and click "next" it will infinitely load with the blue bar at the top of the Google login box. There is no debug information besides this:
: 2019/10/12 13:46:33 [008] WARN: Cannot handshake client ssl.gstatic.com remote error: tls: unknown certificate 2019/10/12 13:46:34 [009] WARN: Cannot handshake client play.google.com remote error: tls: unknown certificate 2019/10/12 13:46:34 [010] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate 2019/10/12 13:46:34 [011] WARN: Cannot handshake client play.google.com remote error: tls: unknown certificate 2019/10/12 13:46:38 [012] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate 2019/10/12 13:46:47 [013] WARN: Cannot handshake client accounts.google.com remote error: tls: unknown certificate
But I do not think that is relevant to the problem.
Does this happen to anyone else? The username is also not logged but a session in EvilGinx is made with just the IP address.