kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

Fetch all cookies / wildcard names #44

Closed edermi closed 6 years ago

edermi commented 6 years ago

As far as I understood your awesome blog post and the provided examples, it is required to know the name of the cookie to fetch beforehand. I'm currently working with a service which is giving out cookies that look like servicename_userid, but I don't know the user ID of the users that are going to be phished. Enumerating all values is also impossible since it is at least 6 digits.

Is it somehow possible to tell evilginx2 to capture simply all cookies or provide a regex for the cookie names, e.g.

auth_tokens:
  - domain: 'service.net'
    keys: ['ASP.NET_SessionID', 'service_SessionId', 'service_[0-9]{6}']

for regex or

auth_tokens:
  - domain: 'service.net'
    keys: [*]

to capture all cookies?

kgretzky commented 6 years ago

Hey!

Thanks for reporting this issue. This indeed needs to be implemented. I think the way to solve it would be to make cookie key names regex'able like you suggested.

Can you give me the example key names of the service you are working with? I assume the SessionID is [0-9]{6}, so would the following be compatible then?:

ASP.NET_[0-9]{6}
service_[0-9]{6}

edermi commented 6 years ago

Hi,

thanks for your response. No, SessionID indeed is part of the name of the first two cookies, but the third in this example is something like service_001337. The service I'm currently working with at a customer's site, and for which I'm building a PoC, uses (in addition to the ASP.NET_SessionID and the service_SessionID) three of these cookies: servicename_xxxxxx_daily, servicename_xxxxxx_weekly, and servicename_xxxxxx_monthly, where xxxxxx is my user ID.

kgretzky commented 6 years ago

I've addressed that specific issue over the weekend. Please read the Evilginx 2.1 write-up and try the new regular expression features. Let me know if that helped!

https://breakdev.org/evilginx-2-1-the-first-post-release-update/

edermi commented 6 years ago

I finally found time for testing, works like a charm. Thanks!