kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License

ReCaptcha #5

Closed phishlet closed 6 years ago

phishlet commented 6 years ago

First of all you really deserve a huge respect, great work, congrats!

I am trying to create my own phishlets but I am always stuck at reCAPTCHA if the site uses it. reCAPTCHA is checking the domain being used via API keys. If the domain is not in the allowed list then reCAPTCHA doesn't work at all. Any suggestions on this issue?

More information on Recaptcha API: https://developers.google.com/recaptcha/docs/domain_validation

Edit: Would using {domain_regexp} against window.location.href solve the issue?

I would really appreciate an example.

I also have issues with Cloudflare-protected servers. If the phished site is Cloudflare protected, the page never passes through the browser check process, therefore the real page never loads.

YelloCats commented 6 years ago

Please help with Cloudflare too, very needed! Lots of thanks in advance.

kgretzky commented 6 years ago

CloudFlare and reCaptcha are very likely not easy to bypass. I will need to research them myself to see if it's possible to properly proxy them via Evilginx.

Please post links to websites, which run on CloudFlare or have reCaptcha, with open account registration that I can use to test.

phishlet commented 6 years ago

@kgretzky This might be useful to bypass Cloudflare, but I believe this should be implemented inside the Evilginx script. Please check it out. Thank you!

https://github.com/Anorov/cloudflare-scrape

phishlet commented 6 years ago

@kgretzky I just sent an email to you (kuba@breakdev.org) regarding sites you asked for. Thank you.

kgretzky commented 6 years ago

Since Cloudflare and reCaptcha are used mainly by cryptocurrency exchanges, I won't be publishing proof-of-concept code on how to evade them.

I will only share such research with legitimate companies who offer legal penetration testing services. Thanks.

xviiixxix commented 5 years ago

@kgretzky Good day, have you been able to bypass Cloudflare and reCAPTCHA?

K4zBeK commented 5 years ago

Please help me to bypass reCAPTCHA domain checking.

hauzlife commented 3 years ago

@kgretzky Kuba, could you share with us the PoC on how to evade them? With the PoC we can explore reCAPTCHA v2 and v3 more and more, and then make better reports to be paid. At least for me, it looks like the proxy domains are not enough, and search and replace also doesn't seem to work well. Thank you and congrats!