Closed Lglaplante closed 5 years ago
What exactly do you want to achieve?
Redirecting the Victim on each successfull login
for example If I do phishlets get-url twitter https://www.youtube.com/watch?v=dQw4w9WgXcQ
well the link will fail to actually redirect (evilginx logs will be spammed by [string]redirecting to https://www.youtube.com/watch?v=dQw4w9WgXcQ
same issue with amazon. any link you set with get-url for amazon phishlet it won't redirect to it, it tries to but not redirecting, it remains in the users page after login but the link in the browser is my own domain link for amazon.
Login and cookies properly saved although.
Personnaly woth amaozn, the phishlets just doesn't work Whenever I try logging in, it redirect to the official login page and can't do anything
Hello,
Same here. Wanted to test with the Facebook phishlet, and here what I get:
https://i.gyazo.com/ff56086f430556fb3d50ee2133c241ee.png
With the "ERR_TOO_MANY_REDIRECTS" error message on Chrome.
Try not to set the redirect URL to the URL of the website you are running phishing on. It will constantly try to replace the original URL with the phishing one, creating an infinite loop.
This will be fixed in Evilginx 2.3, making the redirect trigger only once.
still facing same problem
the problem still persists
The problem still there even 6 years later. I see that correct redirect_url returned to browser from evilginx as a part of dynamic redirect logic, but the browser don't go to this url and keep working on phishing domain
Evilginx doesn't redirect properly to links configured with get-url. Instead, it will redirect to the real page, but using the phishing domain Example
I want the user to be redirected to a twitter profile after successfull login
phishlets get-url twitter https://twitter.com/[user]
Link get generated, sent to the victim, victim enter his credentials... but won't be redirected to the URL and instead the real twitter will be activated using the phishing domain (displayed url is your.phishing.hostname.yourdomain.com)
If I set an external link (ex: youtube.com) and then do phishlets get-url twitter https://youtube.com phishlets get-url twitter ""
A new link is generated, but the link redirect automaticly to the specified url instead of displaying the login page Is there something I'm missing or it's a bad behavior ?