Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
11.01k
stars
1.98k
forks
source link
Evilginx ver 3.3.0 cannot capture credentials #1109
For the second phishlet, I specified all the domains correctly, but I encountered an issue with setting the value of auth_urls. The landing page is 1byte.com, but after logging in, the user dashboard uses bo.1byte.com and the content is retrieved from api.1byte.com. Since I set 1byte.com as the landing page in the proxy host, there's no way to instruct Evilginx to check api.1byte.com using the auth_urls after the login.
Another option is to inject JavaScript to capture what the user inputs, but that's not what I'm aiming for. I just want to know if the way I've built the phishlet is correct or not. If it's wrong, where exactly is the issue? Or are there certain cases where Evilginx can't capture credentials without injecting JavaScript?
I am trying to reproduce your issue but how did you manage to get evilginx and burp suite work together?
I get Cannot read TLS response from mitm'd server proxyconnect tcp: EOF
DO NOT ASK FOR PHISHLETS.
DO NOT ASK FOR HELP CREATING PHISHLETS.
DO NOT ASK TO FIX PHISHLETS.
DO NOT ADVERTISE OR TRY TO SELL PHISHLETS.
EXPECT A BAN OTHERWISE. THANK YOU!
REPORT ONLY BUGS OR FEATURE SUGGESTIONS.
Hi all, I am using Evilginx 3.3.0 and testing for this domain
1byte.com
. But cannot catch the credentialsHere is the POST request. The site use
json
format therefore thetype
atcredentials
must bejson
Here is the cookies stored on browser. The needed-cookies are
auth._token_expiration.local
andauth._token.local
I did try test regular expression for catching the value of username + password. It works
And here is my 1st phishlet, did not work :(
For the second phishlet, I specified all the domains correctly, but I encountered an issue with setting the value of
auth_urls
. The landing page is1byte.com
, but after logging in, the user dashboard usesbo.1byte.com
and the content is retrieved fromapi.1byte.com
. Since I set1byte.com
as thelanding page
in the proxy host, there's no way to instruct Evilginx to checkapi.1byte.com
using theauth_urls
after the login.Another option is to inject JavaScript to capture what the user inputs, but that's not what I'm aiming for. I just want to know if the way I've built the phishlet is correct or not. If it's wrong, where exactly is the issue? Or are there certain cases where Evilginx can't capture credentials without injecting JavaScript?
Thanks!!!