Closed phishlet closed 6 years ago
Please help with Cloudflare too, it is very much needed! Many thanks in advance.
Cloudflare and reCaptcha are very likely not easy to bypass. I will need to research them myself to see if it's possible to properly proxy them via Evilginx.
Please post links to websites that run on Cloudflare or have reCaptcha, with open account registration that I can use to test.
@kgretzky This might be useful to bypass Cloudflare, but I believe this should be implemented inside the Evilginx script. Please check it out. Thank you!
@kgretzky I just sent an email to you (kuba@breakdev.org) regarding sites you asked for. Thank you.
Since Cloudflare and reCaptcha are used mainly by cryptocurrency exchanges, I won't be publishing proof-of-concept code on how to evade them.
I will only share such research with legitimate companies who offer legal penetration testing services. Thanks.
@kgretzky Good day, have you been able to bypass Cloudflare and reCaptcha?
Please help me to bypass reCaptcha domain checking.
@kgretzky Kuba, could you share with us the PoC for how to evade them? With the PoC we can explore reCaptcha v2 and v3 more and more, and then make better reports to get paid. At least for me, it looks like the proxy domains are not enough, and search and replace also doesn't seem to work well. Thank you and congrats!
First of all, you really deserve huge respect. Great work, congrats!
I am trying to create my own phishlets, but I am always stuck at reCaptcha if the site uses it. reCaptcha checks the domain being used via API keys. If the domain is not in the allowed list, then reCaptcha doesn't work at all. Any suggestions on this issue?
More information on the reCaptcha API: https://developers.google.com/recaptcha/docs/domain_validation
Edit: Will using `{domain_regexp}` against `window.location.href` solve the issue? I would really appreciate an example.
I also have issues with Cloudflare-protected servers. If the phished site is Cloudflare-protected, the page never passes through the browser check process, therefore the real page never loads.