Closed HachimanSec closed 6 years ago
I just tried it with the Facebook phishlet, which seems to have some redirect issues as well. This time the page is broken. However, on the evilginx server nothing is visible.
Hey Tom!
Thanks for the kind words!
Please try not to use legitimate URLs of the targeted website in the redirection URL. Evilginx tries to replace them on the fly with the phishing URL and it responds with the redirect again - thus the reason for the infinite loop. If you just don't want to provide the redirect URL, generate the phishing URL without the redirection parameter:
phishlets get-url linkedin ""
Regarding the Facebook phishlet, the redirect may be broken as I haven't tested it properly yet.
Let me know if it helped for LinkedIn.
You are welcome! I am already planning some public live hacks with evilginx2 to raise awareness for cyber security!
Thank you for the explanation. I guess I misunderstood the get-url parameter. When it is set to "" it works perfectly fine.
Just to make sure I got it, the get-url parameter is the URL that can optionally be set to redirect a user after successful authentication, right? Like I use the google phishlet and later on I forward the user to youtube.
Cheers Tom
Hi Kuba,
First of all, pretty awesome tool. You and evilsocket made me look into Go, providing such awesome tools! Thanks for all your effort.
I just installed the binary for Kali Linux (4.17.0-kali1-amd64 #1 SMP Debian 4.17.8-1kali1 (2018-07-24) x86_64 GNU/Linux).
I was playing around in a local, virtualized environment based on VirtualBox.
For the victim, a Windows 7 box, I added a manual entry for "fakebook.com", pointing towards the local IP of the evilginx server.
The evilginx server was started and I used the linkedin phishlet (I know, the domain is confusing, but just some testing for myself ;) Because everything is local I have created a self-signed cert, which seems to work.
By accessing the tokenized URL I see the LinkedIn login screen. Entering my credentials works and is intercepted as designed. However, after that I end up in a "redirect" loop. Firefox ends with an error. IE simply hangs. On Evilginx I see constant redirects to "www.linkedin.com".
Any ideas what is going wrong here?
Cheers Tom