It seems that the certificate key for development is too short.

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

BSD 3-Clause "New" or "Revised" License

10.23k stars 1.87k forks source link

It seems that the certificate key for development is too short. #1025

Open viktorandreevichmorozov opened 3 months ago

viktorandreevichmorozov commented 3 months ago

I get curl: (60) SSL certificate problem: EE certificate key too weak while requesting local dev domain.

viktorandreevichmorozov commented 3 months ago

With curl --ciphers DEFAULT@SECLEVEL=1 it is working fine, so key weakness seems to be the only issue.

M41KL-N41TT commented 3 months ago

Hey @viktorandreevichmorozov

I know exactly why this is happening and the line of code at fault!

https://github.com/kgretzky/evilginx2/blob/1b9cb590fefcf30d2f6a460e17098b43182d3c4f/core/certdb.go#L333

Change 1024 to the standard 2048 or higher 4096

Cheers 🥂

(usually I do curl -k or curl --insecure when this pops up but your curl is even more precise, 👍🏻 )

M41KL-N41TT commented 1 month ago

**Hi 👽 ! If you are interested in ⚙️Advanced Phishing⚙️ and the ✨Evilginx3✨ tool then I offer you Google Gmail and Custom Phishlets with a ✅Free Tutorial✅ which arrives if the 📈Telegram reaches 50 Subscribers📈

⏳ GOOGLE GMAIL PHISHLET 2024 WITH PROOF ⏳ -> ⛔https://www.youtube.com/watch?v=nA47UknIE6A⛔

🔓 Ask your questions and a free tutorial from 50 subs on telegram !!! -> 📩https://www.youtube.com/watch?v=dQw4w9WgXcQ📩**

---->>> NEW LINK

-

- ------->>>>>> https://www.youtube.com/watch?v=dQw4w9WgXcQ