search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.94k stars 1.97k forks source link

lures redirect url does not work #187

Closed maisonmargiela0 closed 5 years ago

maisonmargiela0 commented 5 years ago

HELLO!!

lures redirect url does not work. It remains on the "fake" URL after the credentials token.

I think it is a evilginx2 error. Please help!

Thx,

kgretzky commented 5 years ago

You probably used a redirect URL that you are proxying so it was correctly replaced with a phishing URL.

ghost commented 5 years ago

How do you setup a redirect using lures?

kgretzky commented 5 years ago

help lures

curiousm3 commented 5 years ago

lures edit redirect_url

ghost commented 5 years ago

I tried redirecting to https://reddit.com, but after the username and pass were inputted, it just gave me an error and said incorrect username/password. I checked the lure, and it had changed the redirect url.

maisonmargiela0 commented 5 years ago

You probably used a redirect URL that you are proxying so it was correctly replaced with a phishing URL.

Hi kgretzky,

I don't understand what do you mean by this. Does not work for me. I tried with amazon.com and google.com THe redirect does not work!

THank you for your efftor!!

kgretzky commented 5 years ago

You did not provide enough information. Please send more details or I will need to close. Believe me, if redirection didn't work, I'd notice and fix it.

maisonmargiela0 commented 5 years ago

What more ifnormation do you need Kretzy? it does not redirect version 2.3 but on evilginx 2.2 it is working. I don't know where is the problem because I am not a developer. Thank you for your effort!

On Wed, 13 Feb 2019 at 08:38, Kuba Gretzky notifications@github.com wrote:

You did not provide enough information. Please send more details or I will need to close. Believe me, if redirection didn't work, I'd notice and fix it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/kgretzky/evilginx2/issues/187#issuecomment-463091714, or mute the thread https://github.com/notifications/unsubscribe-auth/AsrVtlK9FirYsDI3OXOHKti4FcQQhMFkks5vM8DXgaJpZM4aVrQL .

pielgrzym commented 5 years ago

Some sites heavy on redirects from oauth/saml don't work with lure redirect. Basically after capturing auth tokens is complete proper message is displayed in evilginx console (for example: [11:31:42] [imp] [0] redirecting to URL: https://reddit.com (1)) but the redirect does not happen on the site itself - haven't got time to debug this fully but I suspect some single page apps can just ignore some responses and keep on rolling (outlook UI - I'm staring at you!). It's worth experimenting with js injection in this scenario.

EDIT: uppon some brief inspection I suspect it might be relate to pushing a 301 on a wrong subdomain

pielgrzym commented 5 years ago

Here is an ugly-ass workaround if you haven't got time to debug some clientside js etc. You have to define a custom lure paramerer: lures edit 0 params rurl=http://reddit.com and this js will be triggered 2s after the login page loads (remember to adjust trigger rules to match the final page). The wait helps if cookie setting is delayed and prevents evilginx from missing a token :)


js_inject:
  - trigger_domains: ["www.victim-site.com"]
    trigger_paths: ["/yay-i-managed-to-login"]
    script: |
            function gimmesleep(ms) {
              return new Promise(resolve => setTimeout(resolve, ms));
            }
            async function redir() {
              await gimmesleep(2000);
              window.location.href = "{rurl}";
            }
            redir()
maisonmargiela0 commented 5 years ago

Hello Jakub,

I don't understand how to do it. It does not work this command lures edit 0 params rurl=http://reddit.com Sorry but I am noobie:(

Thx,

On Sun, 24 Feb 2019 at 13:04, Jakub Nawalaniec notifications@github.com wrote:

Here is an ugly-ass workaround if you haven't got time to debug some clientside js etc. You have to define a custom lure paramerer: lures edit 0 params rurl= http://reddit.com and this js will be triggered 2s after the login page loads (remember to adjust trigger rules to match the final page). The wait helps if cookie setting is delayed and prevents evilginx from missing a token :)

js_inject:

  • trigger_domains: ["www.victim-site.com"] trigger_paths: ["/yay-i-managed-to-login"] script: | function gimmesleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } async function redir() { await gimmesleep(2000); window.location.href = "{rurl}"; } redir()

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/kgretzky/evilginx2/issues/187#issuecomment-466767906, or mute the thread https://github.com/notifications/unsubscribe-auth/AsrVtoMbpI1ig8qKLXDcEAPnkCUAA5Tnks5vQn-5gaJpZM4aVrQL .

maisonmargiela0 commented 5 years ago

The redirect is wroking fine now.. GOOD JOB

Can anybody help me with a phishlet? I made everything for amazon.it phishlet but does not take cookies.

Thx

maisonmargiela0 commented 5 years ago

Hi,

Did you used js injected javascript that pre-fills the target's email on amazon phishlet? I tried to use it but it does not work for me. Can you please help me?

Thx,

On Sun, 24 Feb 2019 at 13:04, Jakub Nawalaniec notifications@github.com wrote:

Here is an ugly-ass workaround if you haven't got time to debug some clientside js etc. You have to define a custom lure paramerer: lures edit 0 params rurl= http://reddit.com and this js will be triggered 2s after the login page loads (remember to adjust trigger rules to match the final page). The wait helps if cookie setting is delayed and prevents evilginx from missing a token :)

js_inject:

  • trigger_domains: ["www.victim-site.com"] trigger_paths: ["/yay-i-managed-to-login"] script: | function gimmesleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } async function redir() { await gimmesleep(2000); window.location.href = "{rurl}"; } redir()

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/kgretzky/evilginx2/issues/187#issuecomment-466767906, or mute the thread https://github.com/notifications/unsubscribe-auth/AsrVtoMbpI1ig8qKLXDcEAPnkCUAA5Tnks5vQn-5gaJpZM4aVrQL .

narcotic401 commented 5 years ago

js injected javascript that pre-fills not works for gmail too! if anyone found anything help me Amandalekhaym@gmail.com

DSUN01 commented 5 years ago

i did this lures edit redirect_url <1> https://login.live.com and i got this [err] lures: edit: strconv.Atoi: parsing "<1>": invalid syntax what may be the problem

ghoxt007 commented 3 years ago

The redirect is wroking fine now.. GOOD JOB

Can anybody help me with a phishlet? I made everything for amazon.it phishlet but does not take cookies.

Thx

How did you do it? I’m having the same issue

kpomeroy1979 commented 7 months ago

You did not provide enough information. Please send more details or I will need to close. Believe me, if redirection didn't work, I'd notice and fix it.

That would be nice if this was true. The redirect_url in the lure does not work. Something is broken after chanting the redirect code from 302 to JavaScript