kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.94k stars, 1.97k forks

Having trouble with sub domains. #199

Closed garymaurizi closed 5 years ago

garymaurizi commented 5 years ago

I have my domain garymaurizi.com registered at GoDaddy with glue records pointing over to ns1/ns2.digitalocean.com. I've created an A record at digitalocean.com for evilginx2.garymaurizi.com pointing to my server, and I've created another glue record for evilginx2.garymaurizi.com pointing to my server so that the evilginx2 server manages everything beneath evilginx2.garymaurizi.com. Let's Encrypt seems to pull certificates just fine, but for some reason an extra subdomain is getting added no matter what I try... I've read everything I can get my hands on at this point (breakdev, your own blog, every tutorial there is, and every GitHub issue).

I set the phishlet's hostname to youtube.evilginx2.garymaurizi.com and delete and recreate the lure. When I try to visit https://youtube.evilginx2.garymaurizi.com/fMYJNzRV I get the rickrolled page or access denied. If I use https://accounts.youtube.evilginx2.garymaurizi.com/fMYJNzRV I get the login page, but it doesn't seem to log anything, which is weird, because this EXACT phishlet was working to log credentials not even 2 hours ago.

I know you can't help with creating phishlets, but I could really use a hint. I see that there was a Google phishlet in version 1.0 but not in the recent versions; is there a reason for this? I'm trying to update it to work with 2.3, but there just isn't enough documentation for me to figure this out...

Thanks, GM.

```yaml
author: '@slothrop'
min_ver: '2.3.0'
proxy_hosts:
```

kgretzky commented 5 years ago

Hey. The subdomain will always be added, since Evilginx needs to manage several of them for each phishing domain. There is no way to disable it. It must be prepended with `accounts` for the login page.

Your phishlet is not logging anything, as it seems your `credentials` section is broken. Check the POST parameters sent when you log into Google, as it doesn't seem right. How did you get these values?

Also, `(.)` in regular expressions means any 1 or 0 characters. It should probably be `(.*)`. Also, do use the code tags when pasting here, as it is super hard to read.
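As an added illustration of the two points in the reply above (the mandatory subdomain prefix and the capture regex in the `credentials` section), here is a small Go program that is not part of the Evilginx2 project. It models how a phishlet's `phish_sub` is prepended to the configured phishing hostname from the issue, and how the `search` regex decides what is captured from a POST parameter. The `ProxyHost` and `CredentialRule` types, their field names, and the form-encoded body with its `user`/`pass` parameters are all constructed for the example and do not describe any real site's login form.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// ProxyHost is a simplified stand-in for one proxy_hosts entry in a phishlet:
// the subdomain prepended to the phishing hostname (phish_sub) and the
// original subdomain and domain the entry proxies to. The struct and its
// field names are assumptions made for this example, not the project's types.
type ProxyHost struct {
	PhishSub string // e.g. "accounts"
	OrigSub  string // e.g. "accounts"
	Domain   string // e.g. "youtube.com" (constructed, not a working phishlet)
}

// PhishHostname returns the hostname served for one proxy host. phish_sub is
// always prepended to the configured phishing hostname, which is why the
// bare phishing hostname on its own never serves the proxied login page.
func PhishHostname(h ProxyHost, phishHost string) string {
	if h.PhishSub == "" {
		return phishHost
	}
	return h.PhishSub + "." + phishHost
}

// OrigHostname returns the upstream hostname the same entry proxies to.
func OrigHostname(h ProxyHost) string {
	if h.OrigSub == "" {
		return h.Domain
	}
	return h.OrigSub + "." + h.Domain
}

// CredentialRule is a simplified credentials entry: the POST parameter to
// read and the regex whose first capture group becomes the logged value.
type CredentialRule struct {
	Key    string
	Search *regexp.Regexp
}

// ExtractCredential parses a form-encoded POST body, picks the parameter
// named by rule.Key and returns the first capture group of rule.Search.
// The second return value is false when the key is absent or nothing matched.
func ExtractCredential(body string, rule CredentialRule) (string, bool) {
	values, err := url.ParseQuery(body)
	if err != nil {
		return "", false
	}
	raw := values.Get(rule.Key)
	if raw == "" {
		return "", false
	}
	m := rule.Search.FindStringSubmatch(raw)
	if len(m) < 2 {
		return "", false
	}
	return m[1], true
}

func main() {
	host := ProxyHost{PhishSub: "accounts", OrigSub: "accounts", Domain: "youtube.com"}
	phishHost := "youtube.evilginx2.garymaurizi.com" // hostname from the issue
	fmt.Printf("%s -> %s\n", PhishHostname(host, phishHost), OrigHostname(host))

	// Constructed POST body; the parameter names are placeholders, not the
	// real login form fields of any site.
	body := "user=victim%40example.com&pass=hunter2"
	oneChar := CredentialRule{Key: "pass", Search: regexp.MustCompile(`(.)`)}
	whole := CredentialRule{Key: "pass", Search: regexp.MustCompile(`(.*)`)}
	v1, _ := ExtractCredential(body, oneChar)
	v2, _ := ExtractCredential(body, whole)
	fmt.Printf("(.) captures %q, (.*) captures %q\n", v1, v2)
}
```

Running it shows the login hostname the lure must use (`accounts.` followed by the phishing hostname) and the difference between the two regexes on the constructed password `hunter2`: a bare `(.)` matches exactly one character, so the captured value is just `h`, while `(.*)` captures the whole value. A phishlet whose `search` captures only the first character would appear to log nothing useful even though the POST is being proxied.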