infobyte / emploleaks

An OSINT tool that helps detect members of a company with leaked credentials
https://fardadaysec.com
528 stars 46 forks

Unable to login to LinkedIn #2

Closed frankea closed 1 year ago

frankea commented 1 year ago

When attempting to follow the steps in the readme, I enter my credentials as instructed and perform "run login" to see the following result:

emploleaks(linkedin)> run login
[-] LinkedIn has a message for you that you need to address.
[*] Please log in using a web browser first, and then come back and try again.
[-] Session could not be established.

I then open LinkedIn in my browser and see no message. I log out and back in and get the same result. I log in on other browsers on my machine, and get the same result.

I have "set debug true" but do not see any additional debug information regarding the problem establishing a session. I do have 2FA enabled, but I have it set to an authenticator app which generates a code.

I am running on an Intel MacBook Pro, Mac OS 13.4.1 (c) (22F770820d), Python 3.10.12 from homebrew, and I had to modify the requirements.txt to "psycopg2-binary==2.9.6" in order to be able to install. I plan on testing this on my M2 machine tomorrow to see if there is any difference.

Please let me know if there are any additional details needed.

frankea commented 1 year ago

I added a bit of debug code to see what's going on in the background, and I can see the redirect URL is "[DEBUG] Redirect Location: /checkpoint/challenge/very long string" and based on the login_problems = ['challenge', 'captcha', 'manage-account', 'add-email'] I'm assuming 2FA with auth app isn't currently supported here.
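The check described in the comment above, as an added example that is not part of the thread and is not emploleaks code: it classifies a login redirect against the quoted `login_problems` list. The function name, the hint texts and the choice to match on whole path segments are assumptions made for this sketch, and the sample URLs in the usage note are constructed.

```python
from urllib.parse import urlsplit

# List quoted in the comment above.
LOGIN_PROBLEMS = ['challenge', 'captcha', 'manage-account', 'add-email']

# Hypothetical operator hints written for this example.
HINTS = {
    'challenge': 'a verification challenge was requested',
    'captcha': 'a CAPTCHA was requested',
    'manage-account': 'an account management page was shown',
    'add-email': 'a prompt to add an email address was shown',
}


def classify_redirect(location):
    """Return (ok, reason) for the Location header of a login response."""
    if not location:
        return False, 'no redirect location returned'
    # Work on the path only, so a keyword in the query string or the
    # fragment is not mistaken for a checkpoint. Handles both relative
    # paths and absolute URLs.
    segments = [s for s in urlsplit(location).path.lower().split('/') if s]
    for problem in LOGIN_PROBLEMS:
        if problem in segments:
            # Report the path up to the matching segment; the long
            # trailing value is left out of the debug output.
            upto = '/' + '/'.join(segments[:segments.index(problem) + 1])
            return False, f'{problem}: {HINTS[problem]} ({upto})'
    return True, 'no known login problem in redirect'
```

`classify_redirect('/checkpoint/challenge/AAAA')` returns a failure naming `/checkpoint/challenge`, while `classify_redirect('https://www.linkedin.com/feed/?trk=challenge')` is accepted because the keyword only appears in the query string.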

fiuderazes commented 1 year ago

I have the same LinkedIn login issue

Sneaky2x commented 1 year ago

Same here with 2FA disabled. Some details:

Sneaky2x commented 1 year ago

https://github.com/infobyte/emploleaks/issues/2#issuecomment-1673026865

Performing a Chrome login on the machine that runs this script fixed the issue. The session could start afterwards with run login.

lupulabs commented 1 year ago

Hi all, sorry for the late response, but the previous week was insane in Vegas. For the moment 2FA is not supported.

But I promise to address this task in a couple of versions.

lupulabs commented 1 year ago

> Same here with 2FA disabled. Some details:
>
> * brand new private LinkedIn account
> * email verified
> * no email returned for new location sign-in attempt

Are you using a VPN or something like that?

Sneaky2x commented 1 year ago

Hi @lupulabs, no VPN. But after logging in to LinkedIn in the browser and then rerunning the script, it worked.

lupulabs commented 1 year ago

Hi all, I modified the LinkedIn plugin to impersonate the account of the browser directly.

Maybe with this mod you can log in to LinkedIn with 2FA enabled. I haven't updated the documentation, but you need to copy and paste the JSESSIONID and li-at cookies from your session in the browser and set the new vars with setopt.

Hope this works <3

lupulabs commented 1 year ago

It's working with 2FA now.

lupulabs commented 1 year ago

closing issue