Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
I've been trying to set up a phishing awareness training for a bunch of our employees, it all goes well, but for some unknown reason I can't make proxy to work with our MFA solution, once I'm being redirected to MFA page after SAML login, I'm getting
[170] WARN: Error dialing target site: tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
in evilginx console. Evilginx then sends HTTP/1.1 POST request instead of HTTP/2 and MFA drops session.
I've tried to use the following construction in vendor/github.com/go-resty/resty/v2/client.go
Hi there,
version: 3.3.0
I've been trying to set up a phishing awareness training for a bunch of our employees, it all goes well, but for some unknown reason I can't make proxy to work with our MFA solution, once I'm being redirected to MFA page after SAML login, I'm getting
[170] WARN: Error dialing target site: tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
in evilginx console. Evilginx then sends HTTP/1.1 POST request instead of HTTP/2 and MFA drops session.
I've tried to use the following construction in
vendor/github.com/go-resty/resty/v2/client.go
But still no luck :(
Any help would be greatly appreciated. Thanks in advance.