search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.62k stars 1.92k forks source link

The Browser or App may not be secured . I got this error in google phishlet, i think google again updated their policy ,any updates related to this issue? #1094

Open WizAdward opened 1 month ago

WizAdward commented 1 month ago

img

simplerhacking commented 1 month ago

Google phishlets work perfectly fine.

You do not need anything fancy or evilpuppet. You can even just extract the necessary data via custom js per the official documentation, that's why Kuba put it there. There is no need to use all of extra tools or even the pro version. Google rolled out the new v3 login, I highly doubt they patch it or change it anytime soon. (Look at v3 release notes & recaptcha notes).

https://cloud.google.com/recaptcha/docs/release-notes

Google phishlets for Evilginx 3.0 work fine. Google sign-in redirects instantly to myaccount as normal, even switching apps will not prompt re-authentication via the main account.

Google Phishlet Fine Update Google Phishlet Fine Update 2 Google Phishlet Fine Update 3 Google Phishlet Fine Update 4

bigherocenter commented 6 days ago

@simplerhacking yes it works fine but for some accounts ,but for the most of the account it shows this error ,google soon patch all accounts as they did previously , if you remember.

It mean that each account work different to login? And also it show error for some country.