Closed dissidentmoore closed 7 years ago
Hmm, so i think my problem is that the target host has a request uri. Everything seems to work fine if the request uri is omitted. Is there any way to include the request uri, but only for the login page, and not for additional resources like js/css and images?
Hello! target_hosts
must contain hostnames only. I'm not sure exactly how your site works, but if you properly proxy your site with Evilginx, you should be able to specify anything you want in URL path, using your fake domain.
And thanks for letting me know why these warnings are generated! I will fix it ASAP.
First I'll say, great job on this, everything worked out of the box with basically no snags, very cool.
However I'm have a lot of trouble getting things working for a custom target. The target page is getting served when I visit the phishing domain like it should, but any CSS or JS files are not, for some reason the same login page is being served for each js or css file. Here are my config and site.conf file
config
site.conf
Also(this is unrelated): in the .conf files for each site, you have
sub_filter_types text/html application/json;
set unnecessarily, text/html is already set by default. This causes[warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/site.com.conf
warning everytime the page is requested, everything still works but the error.log gets full pretty quick.