kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

Phishing sent via GoPhish contain appended "/?rid=XXXXXXX" to the URL which flags all requests as 'unauthorized' #1008

Open kpomeroy1979 opened 4 months ago

kpomeroy1979 commented 4 months ago

Hello,

Perhaps I am doing something wrong here but I use a combination of GoPhish and Evilginx2 for phishing.

The issue is I use GoPhish to create the "email template" aka the phishing email that the client will see and use SendGrid for the "sending profile" aka the email server that will actually SEND the emails.

When you create a campaign in GoPhish, each URL that is sent has a /?rid=XXXXXXX on the end of the URL to identify every user who clicks, so every time my users get a phishing email, the base URL is the same, but there is always a /?rid=XXXXXXX on the end of the URL. (intended functionality of GoPhish)

Is that the reason why every request is 'unauthorized' because in my lure, I have the "path" option set to /Teams/Messages/MissedMessage (as an example) so the URL that the user gets would be https://whatever.com/Teams/Messages/MissedMessage/?rid=XXXXXXX?

Just trying to figure out, if we use GoPhish for phishing campaigns, what URL do I have to set in the lure to make sure any request to the phishing URL, including /?rid=XXXXXX, is valid and not flagged as 'unauthorized', and initiates the MITM'ing provided by Evilginx?

Example:

Evilginx lure configuration: `lures edit 0 path /Teams/Messages/MissedMessage/1`

GoPhish sends the following URL to the client: `https://whatever.com/Teams/Messages/MissedMessage/1?rid=XXXXXXX`

All requests to the phishing domain running evilginx are flagged as 'unauthorized' because, I assume, the "?rid=XXXXXXX" is not part of the lure path?

This never used to be an issue before so perhaps I'm not doing something correctly with the lure path? Totally confused.

BTW I could never get EvilGinx 3.2 to work so I went back to what worked in the past for me, 2.4.2

P.S. - Is there a way to turn off the blocking of unauthorized requests completely so that ANY request to ANY url to our phishing domain would initiate evilginx and MITM'ing?

kpomeroy1979 commented 4 months ago

Not much help here I see. Shame the developer is not around to answer questions.

BakkerJan commented 4 months ago

@kpomeroy1979 There is a ton of help eagerly waiting for your questions in the BreakDEV Red community.

https://breakdev.org/breakdev-red/amp/

kpomeroy1979 commented 4 months ago

Thank you sir. I will ask the question there.

Cheers

kpomeroy1979 commented 4 months ago

[image attachment]

I guess not.